Fax sent by United subsidiary causes security concerns

Physicians fear a company seeking to update its directory might have opened them up to the possibility of identity theft.

By Jonathan G. Bethely, AMNews staff. May 14, 2007.

A UnitedHealth Group subsidiary agreed to stop a nationwide pilot program it was using to update practice information after physicians in New York became concerned about the possibility that their personal information could end up in the wrong hands.

Regina McNally, vice president for the division of sociomedical economics for the Medical Society of the State of New York, said several physicians contacted the medical society during the week of April 16 after they received a fax from Ingenix, a wholly owned United subsidiary that focuses on health care information technology and analysis.

McNally said the fax asked for practice information such as e-mail addresses, fax numbers, and whether the practice was accessible to the disabled. But it also contained the names of physicians and staff members, along with their Social Security numbers, tax identification numbers and DEA numbers.

In addition, McNally said one physician indicated the fax contained the names and numbers of physicians and staff who no longer worked in the practice, and a social worker who has never been associated with the practice. "The physician who received it was quite concerned," she said.

Though no physicians reported any identity theft based on the faxes, they said they were worried about the fax-based dissemination of the information, and what would happen if the faxes got into the wrong hands.

McNally said she sent a written request to Ingenix asking that the company follow up with physicians and offer to pay for credit monitoring services for those affected.