Lawmakers blast Medicare for using Social Security numbers on IDs
■ Creating new identifiers for beneficiaries would cost Medicare more than $800 million and represent another challenge for processing claims.
By Charles Fiegl amednews staff — Posted Aug. 9, 2012
Washington House members sharply criticized the agency overseeing the Medicare program for not removing Social Security numbers from beneficiary identification cards, even though the practice exposes patients to identity theft.
The Centers for Medicare & Medicaid Services insists it is committed to protecting patient privacy. But changing the identification system would take up extensive cost, time and staff, a CMS official told the House Ways and Means Committee during an Aug. 1 hearing.
CMS inaction on removing Social Security numbers from patient cards has frustrated lawmakers. The Government Accountability Office in 2002 had recommended that the agency use different identification numbers, and the House has adopted legislation in recent years mandating the change.
The Veterans Health Administration and other agencies have removed Social Security numbers from their beneficiary cards, and CMS should be able to do the same, said Rep. Sam Johnson (R, Texas). He called on Tony Trenkle, CMS chief information officer and director of the agency’s office of information services, to explain why CMS still is relying on Social Security numbers, but he was not satisfied with Trenkle’s answers.
“Democrats and Republicans working together on this committee have become upset about the empty words,” Johnson said. “It’s outrageous that you’re kind of thumbing your nose at Congress and seniors. I can only conclude that CMS is busy doing other things besides protecting the privacy of seniors and integrity of Medicare.”
CMS had issued a report in 2006 on options for replacing the cards, but it has yet to commit to a plan. In a November 2011 report, CMS provided an update on estimates for revising the cards.
The agency presented three scenarios for removing Social Security numbers. One would involve issuing new cards with a Medicare beneficiary identifier, but CMS internal systems would translate the new number back to the old number when processing claims.
Another scenario would require new numbers but rely on physician practices to look up the old identifiers based on Social Security numbers. CMS acknowledged that this would place a significant burden on practices and hospitals.
The third option involves obscuring the first five digits of Social Security numbers on cards. CMS would continue to use the full numbers for administrative purposes.
Currently, patient Social Security numbers are used for 50 CMS systems and to communicate with other federal agencies. Changing patient identifiers and ensuring a smooth transition to the new cards would cost between $812 million and $845 million.
The GAO says replacing cards with new identifiers would offer beneficiaries the greatest protection against identity theft. Auditors also questioned the CMS cost projections, which the Medicare agency said it would work to refine by November.
Rep. Jim McDermott, MD (D, Wash.), predicted that the change would cause chaos among physicians and other health professionals caring for Medicare patients. Physician practices would need new patient IDs to bill medical services.
“What would you guess as a percentage [of patients who] would not get that number in or would not have that card in their pocket when they got sick or got hit by a car?” Dr. McDermott asked.
The impact of the change on physicians is difficult to measure, but new cards would mean a substantial change for doctors, Trenkle said.
Removing Social Security numbers is long overdue, because identity theft in the health care industry is a huge problem, said Dennis Jay, executive director of the Coalition Against Insurance Fraud. “Having your Social Security number out there is not a good idea.”
Removing the number would create an extra roadblock to stealing identities from vulnerable populations, Jay said. However, another number would replace it, and perpetrators who gain access to new cards still could find a way to defraud the system. A number might not be needed in future years if biometrics could be used to identify patients, he added.