Anthem Blue Cross and Blue Shield in New Hampshire warned about 10,000 local physicians, dentists and other providers their Social Security numbers may be in a file that a national-level employee transferred to a personal laptop computer that was later stolen.

Blue Cross Blue Shield Association said the employee's actions violated its data security policies and were not authorized. The company took full responsibility for the incident, Anthem Blue Cross and Blue Shield in New Hampshire said yesterday in a letter it mailed its local providers.

"It's critical to stress the breach did not happen at Anthem Blue Cross Blue Shield in New Hampshire. It occurred at the national level," Anthem Blue Cross Blue Shield spokesman Christopher R. Dugan said.

The breach also did not involve any member health information or personal health information, Dugan said.

Blue Cross Blue Shield Association recently notified Anthem Blue Cross and Blue Shield in New Hampshire, its local licensee, of the breach, the letter said.

A national level employee transferred provider data -- including providers' names, addresses, tax ID numbers, Social Security numbers and National Provider identifiers -- from the BCBSA Provider Data Repository to a personal laptop to complete work-related analyses, the letter said.

Anthem Blue Cross and Blue Shield has been assisting the national association with identifying New Hampshire providers impacted by the breach, Dugan said.

"We have notified approximately 10,000 providers (including dentists and mental health providers) in the state because we are erring on the side of caution to protect the providers and ensure they have access to credit monitoring and are more aware of any suspicious activity," Dugan said.

Palmer P. Jones, executive vice president of the New Hampshire Medical Society, said the breach would affect any provider who bills Anthem Blue Cross Blue Shield. This would include physicians, registered nurse practitioners, nurses, podiatrists and opticians.

Providers have been using their Social Security numbers to bill the insurance company, Jones said. Many companies are moving to a National Provider identifier, he added. But the transition has been slow and both numbers are in a provider's file, Jones said.

"That is the biggest concern our members have right now," Jones said of Social Security numbers being revealed. The society represents about 2,200 licensed New Hampshire physicians.

Blue Cross Blue Shield Association is offering affected providers free credit monitoring for one year.

That did little to calm one New Hampshire doctor who said this is the fifth time her personal information has been lost or revealed by an insurance company, Medicare or a state licensing board.

"It's unconscionable. Federal law protects patient health information. There needs to be a way to protect providers from this kind of breach of privacy," said the doctor, who spoke only on condition her name not be used because she feared that would make her a greater target for identity fraud.

Providers must supply insurance companies and Medicare with their Social Security and other identifying information in order to bill them for services, the doctor explained.

"If that is revealed, we have no recourse other than to monitor our credit," she added.

"This is only the tip of the iceberg that is only affecting doctors this time. If we go to an electronic health system, I'm worried it will expand to health information and private information about patients," she said.

Jones said he believes the laptop was stolen about three weeks ago.

"The question we all have is, why did they wait so long to notify people?" he asked.

While Anthem Blue Cross and Blue Shield did not specify when the theft was discovered, Dugan said: "It took the association some time to get us the data and the codes needed for credit monitoring."