Without A Universal Personal Identifier, Healthcare Is Awash In Social Security numbers

Mike Miliard | Healthcare IT News | October 23, 2014

'Our EMR is designed so you can't get past the system unless you have their Social Security number in that field'

The healthcare industry is swimming in Social Security numbers, thanks to the necessities of patient record management systems. But balancing those requirements with fraud mitigation and privacy protections is proving a big challenge.  That's according to a LexisNexis Risk Solutions study published this week, which examines four different industries' reasons and methods for collecting, storying and using personal identification information, or PII.

The report looks at the practices of healthcare, financial services, retail and government – taking stock of these sectors' varying approaches to identity verification and consumer behavior.  As for healthcare, the study finds that providers and payers have to collect and secure sensitive PII from their patients – many of whom aren't keen to share their SSNs to begin with – and thus increase their liability in the case of a breach.  Meanwhile, "The industry currently lacks an easy, uniform way to identify patients and link them to their health data, doctors, hospitals, pharmacies and insurance plans, which is creating a wall of unrelated patient identity numbers bogging down the medical records system," according to the report.

Addressing healthcare's dependence on SSNs would call for more comprehensive tools, such as a universal healthcare ID, it points out, "but a lack of national appetite for such a system limits the chances of these tools gaining traction at a national level."  As such, healthcare organizations have had to turn to the "collection of the SSNs from patients instead."  As with the financial services industry, PII data collection in the healthcare is driven heavily by regulations. Unlike the that industry, however, those rules – HIPAA and the ACA, most notably – are focused on ensuring patient privacy rather than deterring fraud or illegal activities, according to the LexisNexis report...