Using the SSN as a Patient Identifier

There has been considerable discussion on the multiple uses to which the Social Security number (SSN) has been put, primarily as a result of the increase in identity theft. This article examines SSN uses within the healthcare industry, its inappropriateness for most of these uses, and alternative forms of identification that may be used in its place.

History of the SSN

The Social Security number was not designed as a universal identifier. It has simply evolved to its present status, where it seems to function as one. Even acting inspector general of the Social Security Administration Patrick P. O’Carroll acknowledged as much in his testimony to the House Ways and Means Committee’s Subcommittee on Social Security on June 15, 2004. "I would like to begin my testimony today with a simple declaration: The SSN is a national identifier," O’Carroll said. "In past years, many would challenge that statement. Today, we live in a changed world, and the SSN’s role as a national identifier is a recognized fact. Unfortunately, with that knowledge, we must also accept that because the SSN is so heavily relied upon as an identifier, it is a valuable commodity for lawbreakers."1

Clearly, the role of the SSN has changed significantly over the years from its beginning as a number under which a citizen enrolled for Social Security benefits upon retirement to a number that essentially functions as a national identifier. The following timeline highlights just some of the extensions of use of SSN as a general identification number:

1935 The Social Security Act is passed, with the SSN developed as a method for tracking earnings.
1936 First batch of SSNs issued.
1943 Executive Order 9397 requires SSNs to be used for identifying all individuals registered with the Social Security Board.
1961 The Civil Service Commission adopts the SSN as the official federal employee identifier.
1962 The Internal Revenue Service adopts the SSN as the official taxpayer identification number.
1965 Medicare is enacted and requires that beneficiaries have a Social Security number.
1966 The Department of Veterans Affairs (then the Veterans Administration) begins using the SSN as the patient identification number.
1967 The Department of Defense adopts the SSN as the identification number for armed forces personnel.
1970 Banks, credit unions, savings and loan associations, and securities brokers are required to obtain a Social Security number for all customers.
1971 The Social Security Administration recommends taking a "cautious and conservative position" toward SSN use and that nothing be done to promote the use of Social Security numbers as a general identification number.
1974 The Privacy Act is enacted, beginning to limit government use of the SSN.
1976 The Tax Reform Act of 1976 allows states to use the SSN in the administration of any tax, general public assistance, and driver’s license or motor vehicle registration laws within their jurisdiction.
1977 The Food Stamp Act of 1977 requires all household members disclose SSNs as a condition of eligibility for participation in the food stamp program.
1981 The Reagan administration states that it is "explicitly opposed to the creation of a national identity card" but recognizes the need for a means for employers to comply with the employer sanctions provisions of its immigration reform legislation.
1986 The Tax Reform Act of 1986 requires individuals filing tax returns to include the taxpayer identification number--usually the SSN--of each dependent age five or older. The Commercial Motor Vehicle Safety Act of 1986 (PL 99-750) authorizes the Secretary of Transportation to require the use of the SSN on commercial motor vehicle operators’ licenses.
1996 The Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (Welfare Reform) requires the Commissioner of Social Security to develop and submit to Congress a prototype of a counterfeit-resistant Social Security card that is made of durable, tamper-resistant material (e.g., plastic); employs technologies that provide security features (e.g., magnetic stripe); and provides individuals with reliable proof of citizenship or legal resident alien status.
1998 The Identity Theft and Assumption Deterrence Act of 1998 makes identity theft a crime, subject to penalties. It defines "means of identification" to include name, Social Security number, date of birth, official state or government issued driver’s license or identification number, alien registration number, government passport number, and employer or taxpayer identification number. It also establishes the Federal Trade Commission as a clearinghouse to receive complaints, provide informational materials to victims, and refer complaints to appropriate entities, which may include credit bureaus or law enforcement agencies.2

SSN Use in Healthcare

Social Security numbers are widely used in healthcare, which has led to a growing concern over possible abuses, including identify theft. Instances of identity theft in healthcare has prompted the Office of the Inspector General (OIG) to assess hospitals’ use and protection of SSNs and potential risks associated with such use. OIG will issue a report to the Social Security Administration this year that will include recommendations to enhance SSN integrity. OIG has performed similar reviews in other industries, including a nationwide review of universities’ use and protection of SSNs.

The danger of identity theft in healthcare settings is illustrated by the following cases:

  • A California man who entered the hospital for emergency surgery was the victim of identity theft when hospital personnel copied his SSN and name from the front of his medical file.
  • A former University of Chicago Hospital employee may have stolen the identities of as many as 85 former patients, many on the basis of SSNs.3 This case was subsequently expanded, and a total of 11 defendants named.4
  • Triwest Healthcare Alliance instituted a formal identity theft prevention program after several of its Tricare beneficiaries were the victims of identify theft in 2003.5 This project was expanded to become Military Sentinel, a project of the Federal Trade Commission and the Department of Defense that addresses identity theft among members of the armed forces and their families.6

Identity thieves can use SSNs to get other personal and financial information. Typically they use the numbers and the victim’s good credit to apply for more credit in the victim’s name. They then buy items with the credit cards and do not pay the bills. Victims often do not find out about the theft until they are turned down for credit or begin to get calls from unknown creditors demanding payment for items they never bought.

The Federal Trade Commission is the federal government clearinghouse for monitoring identity theft. The Social Security Administration is also concerned about identity theft that is directly related to inappropriate use of the SSN. It may even issue a new Social Security number if the identity theft victim is not able to achieve resolution.

In an interview, a representative of the Federal Trade Commission offered the following insights:

  • The Social Security number is the most powerful piece of information about a person.
  • Some companies are taking the initiative in identity theft prevention. IBM told their health insurers they had to change their patient IDs or the company would not contract with them.
  • SSN use is an issue in the academic world as well, because it is sometimes used as the student ID number. (As noted before, the academic world led OIG to begin investigations into identify theft and misuse of SSNs.)
  • There are several federal proposals requesting that the SSN not be displayed on insurance cards, driver licenses, and other forms of identification.
  • Not many of the reported complaints so far are described as "medical" or healthcare related.
  • We need to be "limiting" accessibility to the SSN.

Challenges to Removing the SSN from Healthcare

There are major, perhaps insurmountable, challenges to removing the SSN from the healthcare environment. Among them are the following:

The frequency of use of the SSN as a patient identifier. Next to name, address, sex, and birth date, the Social Security number is probably the most frequently collected piece of information. Many hospitals and other healthcare providers use the SSN as the primary patient identifier, although providers are finally beginning to migrate to other numbering systems. Although the number of providers routinely collecting this data element is slowly declining, it is still a dominant piece of information. Indeed, some providers still use the SSN or a substitute as the medical record number.

The SSN is frequently used as a subscriber identifier by insurance companies. It is thus inextricably linked to the reimbursement process. This link to reimbursement will likely be the greatest impediment to change; however, changes to the reimbursement systems are not without precedent. Insurance companies have traditionally resisted any changes in the data elements collected in the reimbursement process because of cost.

The Social Security number has traditionally been a part of the Medicare Health Insurance Claim number, although inconsistently. The widow of a beneficiary who does not herself have Medicare, for example, may have her late spouse’s SSN as her Medicare Health Insurance Claim number. Again, the use of the SSN in this context is intimately tied to reimbursement. However, inaccuracies in the recording and reporting of the claim number constitute the number-one reason that Medicare claims are returned to the provider, suggesting that another, perhaps less cumbersome, numbering system might be more appropriate.7

Virtually all algorithmic identification systems make some use of Social Security numbers, and none work as well without the SSN.

An Action Plan for Secure Patient ID

In view of the ongoing activities to eliminate or curtail the use of SSNs in healthcare, the following action plan is recommended for all providers who still collect this information:

  • Providers in all settings and regional health information organizations (RHIOs) should reevaluate their collection of Social Security numbers and ensure that they are using them for federal requirements only.
  • Each provider should review current access to Social Security numbers among staff to ensure that only those who have true need for the information have access to it. Generally, only staff directly involved with reimbursement require access to SSNs, which would include billing, credit and collections staff, and preadmission certifiers. All other staff should be required to provide reasons why they need access to the numbers prior to being given it.
  • RHIOs in the formative stages should plan to use another form of patient identification from the outset, rather than attempt to change at a later date. The articles of organization should require that all participating providers and other organizations (e.g., health departments, school systems, community pharmacies) adopt a patient identifier other than the SSN.
  • If following comprehensive review a provider decides that there is no alternative but to use the SSN, it must implement and maintain an effective, ongoing program of risk assessment and security review.
  • If the SSN is adopted as a standard data element, it should not be the only identifier used.
  • Within a RHIO or other cross-jurisdictional data-sharing organization, the SSN should not be shared with other users.
  • To protect patient confidentiality, SSNs should be displayed in the same way that a credit or debit card number is printed on a receipt (e.g., XXX-XX-1432). Alternatives include dropping off the last or first digit and reformatting the numbers from the familiar 3-2-4 format to something that looks less like a SSN, such as a 3-3-3 format or a 3-6 format.

Options for Patient Identification

Patient identification is an inexact science even now. Much of the problem is related to training registration personnel to ask consistent questions. Ask the following questions when reviewing your organization’s patient identification process:

  • If not the Social Security number, what other piece of identifying information are we to collect?
  • How do we ask the question to ensure that we obtain the information that we want?
  • Who can overhear the questions? Is the information-gathering environment itself truly secure?
  • How do we protect confidentiality in this setting?
  • How do we train the staff in the importance of accurate data capture? This has been a problem for many years and is nothing new. But any time a new data element is introduced, errors are likely to proliferate.
  • How do we train the beneficiary? Beneficiaries are used to giving their SSNs as part of the process.
  • With what do we replace this information?

Biometrics seem the most promising. Among the widely available types of biometrics are fingerprint scanning, iris scanning, and retinal scanning. Biometrics are currently being used for patient identification in three provinces of South Africa, with fingerprints the biometric of choice.8 This appears to be a very sophisticated centralized system that involves the establishment of a central "infomediary" that collects and references key medical information on behalf of a patient. The plan has been operational since May 2005.

Smart cards have been used with some success in Europe and in the US. The Robert Wood Johnson University Hospital-Hamilton has issued more than 60,000 smart-type health cards that include both patient demographic information and some information about previous encounters.9 In Oklahoma City, Beverly Hospital and Addison Gilbert Hospital are issuing medical smart cards as part of a program designed to make hospital registration faster and more efficient. With nearly 500,000 cards being distributed within the next year, they are probably the first private hospitals in the US to issue smart cards to all patients.

Is a Universal Identifier Necessary?

There is a widespread assumption that some sort of universal identifier is necessary for a regional health information-sharing network to function. This, however, may not actually be the case. There are other means of identifying patients that do not require a universal identifier. Universal identifiers may not work for several reasons:

  • Culture--most people in the US do not want a universal identifier number.
  • Finance and logistics--developing, maintaining, and administering such a system would be extremely expensive. A comparable system to the Social Security Administration would require at least as many numbers as the Social Security Administration has and at least as many safeguards. Other concerns to consider in implementing a universal identifier number include whether there’s   a computer system big enough to handle it. How will the numbering system be developed? Who will develop it?   How much will its development cost? Who will own the numbering system (e.g., its developer,   the federal government)? Who will determine who gets a number? Who will establish criteria for access to healthcare?
  • Expediency--waiting for the development of such a system would delay the implementation of regional healthcare information sharing by years. There is a need for information sharing now, and many forces are at work toward implementation of a national information-sharing framework.
  • Privacy--whether the universal identifier is the SSN or another number, linking all data through one identifier significantly increases chances for identify theft and inappropriate data release.

Notes

  1. O’Carroll, Patrick. "Statement of Patrick O’Carroll, Acting Inspector General, Social Security Administration." Testimony before the Subcommittee on Social Security of the House Committee on Ways and Means, June 15, 2004. Available online at http://waysandmeans.house.gov/hearings.asp?formmode=view&id=1639.
  2. Social Security Administration. "History: Social Security Number Chronology." Available online at www.ssa.gov/history/ssn/ssnchron.html.
  3. Helliker, Kevin. "A New Medical Worry: Identity Thieves Find Ways to Target Hospital Patients." Wall Street Journal, February 22, 2005.
  4. US Department of Justice. "11 Defendants Indicted in Identity Theft Ring for Stealing Information from Patients’ Records and Looting Bank Accounts." Press release, May 12, 2005. Available online at www.usdoj.gov/usao/iln/pr/chicago/2005/pr0512_01.pdf.
  5. Fight Identity Theft. "Triwest Healthcare Alliance--Identity Theft Alert." Available online at www.fightidentitytheft.com/2003_JAN22_triwest_healthcare.html.
  6. Military Sentinel information available online at www.consumer.gov/military.
  7. Mutual Medicare. "Top Ten Claims Submission Errors 3rd Quarter FY 2004 April-June 2004." Available online at www.mutualmedicare.com/claims/top_10q3.html.
  8. Czernowalow, Martin. "SA Pilots Biometrics in Healthcare." IT Web, June 2, 2005. Available online at www.itweb.co.za/sections/computing/2005/0506021035.asp?A=BIO&S=Biometrics&O=FPT.
  9. "Multi-tech Cards Bridge to Smart Ones." Security, May 7, 2003. Available online at www.securitymagazine.com.

References

Privacy Rights Clearinghouse. "My Social Security Number: How Secure Is It?" Available online at www.privacyrights.org/fs/fs10-ssn.htm.

Social Security Administration. "Report to Congress on Options for Enhancing the Social Security Card." Available online at www.ssa.gov/history/reports/ssnreportc2.html.

US General Accounting Office. "Social Security Numbers: Use Is Widespread and Protections Vary." Testimony before the Subcommittee on Social Security, Committee on Ways and Means, House of Representatives. June 15, 2004. Available online at www.gao.gov/new.items/d04768t.pdf.

Prepared by

Wanda Bartschat, MA, RHIA
Jill Burrington-Brown, MS, RHIA
Susan Carey, RHIT
Jennie Chen
Sally Deming
Stacie Durkin, MBA, RNC, RHIA
Lorraine Fernandes, RHIA
Kathy Giannangelo, RHIA, CCS
Kerry Heinecke, RHIA
Susan Helbig, MA, RHIA
Rhonda Hisle, RHIT
Gwen Hughes, RHIA, CHP
Susan Hull, MPH, RHIA, CCS, CCS-P
Beth Just, MBA, RHIA
Teresa Knox, RHIT
Deborah Kohn, RHIA, CHE, CPHIMS
Dianne Koval, RHIA, CPEHR
Chrisann Lemery, MS, RHIA
Eve-Ellen Mandler, RHIA, MS, CCS
Natalie Nichols-Banks, JD, RHIA
Michele O’Connor, MPA, RHIA
Laurie Peters, RHIT, CCS
Rebecca Ramsey, RHIA, CCS-P
Rebecca Reynolds, MHA, RHIA
Renae Spohn, MBA, RHIA, CPHQ
Melanie Thomas, RHIT
Frank Waterstraat, PhD, MBA, RHIA
Vicki Wheatley, MS, RHIA
Gail Wood, MS, RHIA

Acknowledgment

Kim Byrd

This work was supported in part by a grant to the Foundation of Research and Education of AHIMA (FORE) from Initiate Systems.

Article citation:
AHIMA e-HIM Work Group on Regional Health Information Organizations (RHIOs). "Using the SSN as a Patient Identifier." Journal of AHIMA 77, no.3 (March 2006): 56A-D.