When a medical privacy breach goes down, it's most often the patient who gets notified that their personal information was compromised, not the provider. But that's not always the case. 

 

Some 5,800 doctors at Anthem Blue Cross of California are being notified today that their Social Security or tax identification numbers were posted online by mistake.

 

The PDF documents containing providers' SS and tax ID numbers were posted to Anthem.com for more than 24 hours on Oct. 23, according to Anthem officials. The documents were intended to assist individuals looking for information about physicians in certain provider networks. 

 

[See also: Advocate Health slapped with lawsuit after massive data breach.]

 

"This was an isolated occurrence," said Cindy Wakefield, spokesperson on behalf of Anthem, in a written statement to Healthcare IT News. "Appropriate corrective actions have been implemented, and process improvements for posting provider data online have been reviewed with the team." 

 

Anthem is extending free credit monitoring to the providers affected by the privacy breach. 

 

Back in 2009, in one of the biggest HIPAA breaches ever reported, Blue Cross Blue Shield of Tennessee reported stolen 57 unencrypted computer hard drives from one of the company’s leased facilities. The hard drives contained health information, insurance data and Social Security numbers for 1,023,209 members. 

 

[See also: HIPAA breach is bad news for 729,000.]

 

BCBST paid over $6 million for additional data encryption, and spent nearly $17 million for protection, investigation and member notification. The $1.5 million settlement paid to the HHS was the first enforcement action resulting from HITECH Breach Notification Rule.

 

Since 2009, when the HIPAA privacy and security notification rules went into effect, some 27 million individuals have had their protected health information compromised.