According to this article, all it took was for one employee not to follow procedure with encryption and we have a potential mess, this one with physician information and not patient data though.  Talk about a bit of an inconvenience, physicians having to apply for a new tax ID, this has to just sit real well with physicians – NOT.  This also makes a case for a good reason to get away from using a social security number as your ID as well.  BD

The largest health insurer in Massachusetts is warning roughly 39,000 physicians and other health care providers in the state that personal information, including Social Security numbers, may have been compromised after a laptop containing the data was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national headquarters in Chicago.

Murray, the Massachusetts Blue Cross-Blue Shield spokeswoman, said the breach has prompted the insurance company to review its security procedures, and a top priority will be to persuade state physicians and other health care providers to apply for a new tax ID number that is not the same as their Social Security number.

She also said the company will be adding more encryption coding to the information that it sends the national affiliate.

Smokler said the data breach was perhaps the most serious for Massachusetts physicians and other providers because they typically use their Social Security number as their tax identification number. Physicians in most other states, he said, choose separate tax ID numbers.

Blue Cross physicians warned of data breach - The Boston Globe