AMA House of Delegates

AMA meeting: Better data protection needed from Blues

New AMA policy says the national insurer needs to expand its offer of credit protection for doctors whose information was on a stolen laptop.

By Damon Adams — Posted Nov. 23, 2009

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

The BlueCross BlueShield Assn. should expand credit protection and increase identity theft insurance to physicians affected when a laptop computer containing doctors' personal information was stolen from an employee's car, according to policy adopted by the American Medical Association House of Delegates.

The new policy calls for the Blues association to offer at least five years of credit protection for all affected physicians, offer more than one company for protection, raise the amount of ID theft insurance and publicly report confirmed cases of identity theft.

The national Blues plan also should provide affected physicians easy access to credit-monitoring reports without cost, and give legal protection and indemnification to doctors for any losses resulting from the breach.

"It's really unconscionable that you could be so negligent in handling someone's data," said Michael Simon, MD, a Poughkeepsie, N.Y., anesthesiologist and alternate delegate for the American Society of Anesthesiologists, who spoke on his own behalf in committee testimony.

Dr. Simon and other delegates said the measures are necessary to protect physicians from thieves. "They can now set up a practice using your name and number on paper and send out bills," Dr. Simon said.

A file containing unencrypted, identifying information for every physician nationwide who contracts with a BlueCross BlueShield-affiliated insurance plan was on the stolen employee-owned computer.

The Blues association told affiliated plans one week after the Aug. 25 theft. But the 39 member plans did not start informing the affected 850,000 doctors until October. Connecticut Attorney General Richard Blumenthal is investigating the data breach and whether the delay in notifying physicians violated state law. In a statement Nov. 9, Blumenthal also said affected physicians should get at least two years of credit monitoring and protection.

The Blues said it would provide a free year of credit monitoring only for those doctors listed in the file whose Social Security number is also their National Provider Identifier or tax identification number.

Blues spokesman Jeff Smokler said the association is working with the AMA to address physicians' concerns. It has contacted the Centers for Medicare & Medicaid Services to ensure that the agency knows which physician IDs have been compromised in case fraudulent billing is suspected. After the laptop was reported stolen, he said, the delay in getting the word to doctors was a result of "the way we're set up."

"We regret that this unfortunate and rare occurrence took place, and we are working to rectify the situation as swiftly and responsibly as possible," Smokler said. "We take very seriously our commitment to our provider partners and are committed to working with the AMA to protect physicians' information and to prevent such a security breach from happening again."

The new AMA policy also says insurers should store personal information about physicians and other health care professionals electronically only in encrypted form to reduce the chance of a data security breach. If a breach occurs, insurers should notify physicians immediately.

The AMA will study the problems of such breaches and report back at its Annual Meeting in June 2010.

Back to top


Meeting notes: Other actions

Issue: Courts may judge physicians in medical liability cases by developing new standards based on clinical and practice guidelines, risk management, utilization review and other cost-containment efforts -- especially if congressional health reform legislation does not contain language counterbalancing such arguments. Such federal legislation also could preempt effective state liability reforms.

Proposed action: Advocate for legislative language protecting both existing effective state medical liability reform programs and states' ability to enact such reforms. Lobby for legislation to establish a noneconomic damage cap of $250,000 or lower. [Adopted]

Issue: The potential savings to the health system from national medical liability reform legislation is not known.

Proposed action: Contract with an independent, third-party organization to estimate the impact national tort reform legislation would have on the system, with an update every 10 years. [Adopted]

Issue: The Medicare Modernization Act of 2003 authorized federal payments to states for emergency care for undocumented immigrants. But this support will end in May 2010.

Proposed action: Support congressional legislation to extend federal support for such emergency care. [Adopted]

Issue: Physicians who issue only paper prescriptions for patients in Medicare Part D will face pay cuts starting in 2012, but the U.S. Drug Enforcement Administration still requires prescriptions for many controlled substances to be written on paper. The DEA issued a proposed rule in June 2008 that would establish standards for electronic ordering of such drugs, but the rule has not been finalized.

Proposed action: Report the AMA's progress in advocating for electronic prescribing of controlled substances and on DEA efforts to issue reasonable requirements for electronic prescribers. [Adopted]

Issue: Forty state medical boards ask about physicians' history of mental illness, potentially discouraging doctors from seeking appropriate treatment for psychiatric disorders.

Proposed action: Work with the Federation of State Medical Boards and others to develop less discriminatory application language that is consistent with boards' mission to protect public health. [Adopted]

Issue: Cosmetics makers are not required to disclose the ingredients in their products, and there is no legally required testing to make sure they are safe.

Proposed action: Support pending legislation that would require ingredient disclosure, adverse-event reporting and good manufacturing practices. [Referred]

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn