Recent OIG report reignites call for CMS to drop SSNs from Medicare IDs

Citing a report issued earlier this month by the U.S. Department of Health & Human Services' Office of Inspector General, Republican leaders of two key subcommittees of the House Ways and Means Committee are urging the Centers for Medicare & Medicaid Services to stop using Social Security numbers in identifying Medicare patients.

U.S. Reps. Sam Johnson (Texas), chairman of the Social Security subcommittee, and Wally Herger (California), chairman of the health subcommittee, made the argument in a letter dated Oct. 22.

It's not the first time the point has been made. The Government Accountability Office said in an August report that 48 million beneficiaries risk having their identification stolen because their Social Security numbers are on their Medicare cards. The Social Security Administration also has urged CMS to issue beneficiaries unique patient identifiers that do not incorporate Social Security numbers.

"Seniors are urged not to carry their Social Security card to protect their number, but at the same time they need to carry their Medicare card at all times to get healthcare," Johnson said in the letter. "This makes no sense. This report is a wakeup call for CMS to heed the advice of its own Inspector General and take immediate action to develop a new system for protecting seniors from medical identity theft."

Johnson and Rep. Lloyd Doggett of Texas introduced a bill earlier this year to remove Social Security numbers from Medicare cards. The Medicare Identity Theft Prevention Act remains in committee.

In its report from earlier this month, the OIG noted that CMS reported 14 breaches of protected health information affecting 13,775 beneficiaries between Sept. 23, 2009 and Dec. 31, 2011, but failed to follow all the required steps of handling data breaches. Over time, the information of 284,000 beneficiaries and 5,000 providers may have been compromised or made vulnerable to compromise, according to a contractor-maintained CMS database.

OIG recommended CMS take several steps to improve its handling of data breaches, including providing more consistent assistance for victims of medical identification theft, and develop a method for reissuing ID numbers of those whose medical information is stolen.

"While CMS agreed with the OIG recommendation that it issue a new identification number when a beneficiary's has been compromised, actions speak louder than words," Herger wrote in the letter. "Though years of CMS indifference and delay make me skeptical, my hope is that this report finally persuades the agency to stop use of the SSN as the Medicare identification number."

CMS maintains that removing Social Security numbers from Medicare numbers is prohibitively expensive and not realistic given the number of beneficiaries and challenging "operational and systems issues," according to the OIG report.

To learn more:
- read the letter

Suggested Articles

Data and analytics company Health Catalyst reported fourth-quarter 2019 revenue grew 21% to $43.5 million, beating Wall Street estimates.

Key lawmakers are fed up with what they see as poor VA leadership over a new Cerner EHR system and vowed to take tighter control of the project.

The latest report from The Leapfrog Group, an independent hospital safety watchdog group, looked specifically at surgical volumes of 2,100 hospitals.