SSN: Not a candidate for patient IDs

A resolution forbidding the American Medical Association to use Social Security numbers in its internal membership records came up for consideration at this year’s AMA annual meeting. It was an indication of how far the Social Security number has fallen from medical professionals' favor.

The AMA resolution, introduced by the AMA Medical Student Section, cited the potential for identity theft as the reason for abandoning use of the Social Security number in the association’s records. It was referred to a committee for further study.

The association had already taken the position that the government should not mandate use of Social Security numbers or any other unique number to identify patients, “as it might permit unfettered access by governmental agencies or other entities to confidential patient information,” the AMA said.

Another association, the American Hospital Association, first recommended against using Social Security numbers as a patient identifier many years ago, said Margret Amatayakul, an independent consultant on electronic health records in Chicago.

Amatayakul says few hospitals and physicians’ offices use the numbers as their medical records identifier. Those that do have sometimes encountered problems when patients gave false numbers. Increasingly, she says, state laws – especially in California – prohibit the use of Social Security numbers as patient identifiers.

A decade ago, a survey found that 71 percent of health insurance plans were basing the individual identifier on the member's Social Security number. This happens less often now because of public opinion and laws like California’s.

Today, however, when architects of the planned National Health Information Network are seeking to make a patient’s medical records available to authorized individuals over the Internet. Using a unique ID number that has already been issued to all Americans might simplify that task.

The trouble is, the experts say, that Social Security numbers are no longer unique. Although a different number is issued to each newborn child, many of the numbers have been stolen by criminals, illegal aliens and people wishing to hide their true identities. Amatayakul says duplication sometimes occurs when patients refuse to provide their Social Security numbers and the hospital or doctors’ office makes up a substitute number that is the same length.

Not only is the number subject to duplication and unauthorized use, says Peter Swire, a law professor at the Ohio State University and former White House privacy czar, but Social Security numbers are used today as identifiers and passwords or personal identification numbers. The overlap of these functions is inherently insecure, Swire said.

What’s more, he added, Social Security numbers “are just bad on a technical level.” Unlike credit card numbers and other ID numbers with hidden characteristics that can reveal whether a number is valid, Social Security numbers cannot be validated with built-in logic, Swire said.

Reliance on a single national health ID number is a bad idea because it potentially is a single point of failure in the national health network, he added. “Centralization is brittle,” Swire said. Instead, a federated model – where institutions issue their own patient IDs and then match them – will be more flexible and adaptable over time.

“It would be a shame to make a generational shift to known lousy technology” as the National Health Information Network takes shape, Swire said.