MSMS Brings National Attention to BCBSA Data Security Breach Reparations

During the recent AMA Interim Meeting, the Michigan Delegation to the AMA submitted a resolution related to the national Blue Cross Blue Shield Association's (BCBSA) data security breach. The resolution--written by MSMS as a late, emergency resolution--asked for further explanation of the breach, information about whether illegal credit activity has been suspected, and an extension of BCBSA’s credit protection for the victims (at least five years), among other things. The resolution (#817) was adopted. Read the final resolution.

In addition, MSMS asked Daniel J. Schulte, JD, of MSMS Legal Counsel Kerr, Russell & Weber, PLC, to determine whether any laws have been broken, as well as legal options for affected physicians. Following is his statement:

"The BCBSA security breach did not involve patient data. Because patient data was not breached the terms and conditions of HIPAA's Security Rule do not apply. However, the BCBSA and BCBSM are acting as though the Security Rule did apply. They have given the required notice to all parties whose information was breached, have offered these individuals credit monitoring services free of charge and $25,000 in identity theft insurance coverage. The giving of notice to the affected individuals is all that is required by Michigan's Identity Theft Protection Act.

"For the following two reasons, in my opinion, a action or other lawsuit against BCBSA would be unproductive. First, it has been reported that BCBSA has employee policies in place that prohibit the downloading of data on a personal computer (as was done by the BCBSA employee whose computer was stolen). The news reports also indicate that the employee is being disciplined in accordance with established policy. Given these facts, proving BCBSA was negligent in its securing of the data would be difficult.

"Second, to my knowledge, no one has suffered an actual economic loss that could give rise to damages that could be recovered in a lawsuit. There is no statute that provides for penalties or damages as a matter of law. Any plaintiff would have to prove actual economic loss to be recovered as damages. I will continue to monitor developments for facts which might reasonably cause us to view this situation differently."

MSMS will continue working with the AMA and the other state medical societies to leverage action by the national association.
Background: Individual Blue Cross plans, including BCBSM, recently began notifying physicians in a letter [pdf] about the national Blue Cross Blue Shield Association’s (BCBSA) recent report of a data security breach. The breach occurred when a BCBSA employee’s laptop computer was stolen from the employee’s car. Authorities believe the laptop–and not the data stored on it–was the motive behind the theft. The BCBSA employee reportedly violated BCBSA’s data security policy when the employee made an unauthorized data transfer to the laptop. This included names, addresses, taxpayer ID numbers, Social Security numbers, and NPI numbers of physicians and other health care providers. Approximately 850,000 physicians and other providers were affected. Social Security numbers of 187,000 providers were included in the data. In Michigan, 38,000 Blue Care Network and BCBSM providers were impacted. BCBSA is providing free credit monitoring services for one year to those physicians whose SSNs were stolen. The service will be provided by Consumerinfo.com, Inc, an Experian company. The letters sent to providers include instructions on how to activate the monitoring membership (daily monitoring, alerts to credit report changes, access to fraud resolution representatives and $25,000 in identity theft insurance coverage). In addition, BCBSA and BCBSM are reviewing additional steps that need to be taken to ensure that this type of situation does not occur again and that provider identifying information is secure.
Physicians who did not receive letters may call BCBSM toll-free at 877-258-0167 to determine whether their information was included in the unauthorized data transfer. For more information about this issue, contact Stacie Saylor, CPC, at MSMS at 517-336-5722 or ssaylor@msms.org.