Think twice before giving your Social Security number to your doctor
When completing personal history forms at many doctors’ offices, it is not uncommon to be asked to provide your or another family member’s Social Security number (SSN). Given the increased news coverage of high profile data breaches and efforts to protect one’s personal information from hackers, many people wonder whether they should provide their SSN to doctors and other healthcare providers.
Should you give your doctor your SSN?
Unlike bank loan applications and tax returns where you are required to provide your SSN, there are few, if any, instances nowadays where a person is required to provide his or her SSN to a healthcare provider. Until recently, Medicare recipients were required to provide their SSN to their doctors because it was included in their Medicare identification number. This changed in April 2018, when Medicare began mailing out new cards to its participants that do not list their SSN. Other government healthcare insurance programs (including Medicaid and CHIP) have also switched to other methods that do not incorporate a participant’s SSN. Such changes acknowledge the potential vulnerability that patients face when their SSNs are shared with others.
According to the HIPAA Journal, between 2009 and 2017, there were 2,181 reported healthcare data breaches that resulted in the theft or exposure of 176,709,305 healthcare records. This equates to more than 50 percent of the population of the United States. Moreover, nearly half of all healthcare organizations that responded to a 2016 survey by the Ponemon Institute stated they had little or no confidence that they could detect the loss or theft of patient data, and that most of them lacked the budget to secure their data.
In fact, the American Medical Association issued an “Identity Fraud” policy [H-190.963] nearly a decade ago stating:
Our AMA policy is to discourage the use of Social Security numbers to identify insureds, patients, and physicians, except in those situations where the use of these numbers is required by law and/or regulation.
What to do if your doctor asks for your SSN
Yet with all this information available to healthcare providers and the general public, many providers continue to ask for patients’ SSNs. As always, it is a patient’s decision whether to share his or her SSN with their doctor. Before doing so, it is prudent to ask the following questions:
- Why is your SSN being requested?
- How will your SSN be used?
- What law requires you to provide it?
- What practices are in place to secure against improper access to your SSN?
- What are the consequences if you refuse to provide it?
Providers also need to consider whether it is worth asking for and maintaining a patient’s SSN. Providers are obligated to ensure that patients’ SSNs are adequately secured from potential breaches and could be held liable if such a breach occurs.
A thief who obtains your SSN can file fraudulent tax returns in your name, open credit cards, and obtain official documents such as a passport or driver’s license. And unlike the theft of a credit card or bank account number that generally can be remedied by closing the account, any attempt to remedy the damage caused by the theft and improper use of your SSN is an arduous task.
So before sharing your SSN with your doctor - or any outside party - be careful and consider the potential consequences. Based on the available data discussed above, we should all think twice before sharing our SSN with anyone other than those with whom we are legally required.