For medical care providers, it is essential to have accurate and up-to-date information for identification purposes -- not only to ensure that the proper treatment is given to a patient but to correct important administrative errors. This article covers issues related to the collection of social security numbers ("SSNs") of patients and prospective patients.
SSNs Make Patient Identification Easier
In many cases, health clinics and medical offices will have multiple patients with the same (or incredibly similar) names. You might have more than one "John Smith", for example, since it is a common name, and you will need to be able to distinguish between them. In some situations - such as an urgent or emergency situation - if a patient is misidentified or there is a confusion as to which patient is seeking treatment, precious diagnosis and treatment time could be lost.
Birth dates are helpful but there have been instances where two patients have the same name and birth date. The likelihood of these patients also sharing the same address is low but remember that residences can change. An SSN, however, will not. Along with the birth date, a patient's SSN will remain the same. Unlike birth dates, someone's SSN is guaranteed to be unique to that person. Note that it is the entire SSN that is unique. Multiple people could share parts of the numerical string so just using the last four digits of an SSN would not be as helpful as using the entire number.
SSNs Improve Data Integrity
Because of their unique nature, SSNs provide reliable patient identification information. Apart from the possibility that the wrong treatment could be administered if a patient is incorrectly identified, there are other reasons why we want solid patient identification, including:
Accurate Patient Records
There have been cases in which patient records have accidentally been merged. For instance, if you have a son named after his father and both are patients of the same clinic or medical practice, a records system might not be able to distinguish the two and will treat them as duplicate entries. This is especially true if father and son share the same address because they live together. This error could have consequences not only on statistics for analysis but on the accuracy of diagnoses as well.
Incorrect Insurance Information
If you misidentify a patient at the billing stage, you may receive incorrect information about the patient's insurance eligibility or amount of coverage -- or even invoice the wrong carrier. This could result in an incorrect denial (or acceptance) of coverage, which could possibly lead to delayed or incorrect reimbursement. If the wrong patient is billed and the bill is sent to collection, this person's credit could also be jeopardized.
Patients May Be Wary of Providing SSNs
Given the seriousness and danger of identity theft or fraud, it makes sense if some patients feel uncomfortable providing their SSNs. Electronic data and confidentiality breaches ("hacking") of seemingly well-protected companies and services - such as financial institutions and popular sites like Facebook - can be devastating. Patients may also worry that it would be possible for an unauthorized individual - a disgruntled employee or someone unrelated to the practice - to find and improperly use SSN information. They may also worry that their SSNs will be used as patient identifiers; that is, that their SSNs might end up being an account code that would show up in correspondence and could be easily discovered by the wrong people.
Patients may not know that medical and personal identifying information used to seek treatment is protected under the Health Insurance Portability and Accountability Act ("HIPAA"). This statute contains rules as to how and how much information can be used, with whom the information can be shared, and information security safeguards - physical and technological - to prevent improper disclosure of patient records and information.
SSN Best Practices
Some of the requirements of HIPAA include:
Physical Safeguards
Such as limited authorized access to the facility and records and making sure that no confidential patient information (like an SSN or birth date) is visible through the envelope of sealed correspondence.
Technical/Technological Safeguards
Such as controlled access to electronic data via computer user IDs, encryption/decryption and protected transmission of information, automatic log off, and special procedures for emergency access.
Information Management
Such as tracking logs, audit reports, information backup and recovery, and implementing measures to prevent information being altered or destroyed.
Limited Usage
Patient information is only to be used by medical facilities with health insurance carriers and other medical facilities for the purpose of providing medical care. In addition, you can only use as much patient information as is necessary to ensure proper patient identification.
Follow the HIPAA Privacy and Security Rules stringently. It may also be a good idea to let patients know about the security measures put in place to protect their information and to outline why they need an SSN and under what circumstances it would be used. Here are some suggestions:
- Include with your intake forms a clear, "plain English" explanation sheet prospective patients can read and/or take with them.
- If a patient asks - or shows concern about providing an SSN, give a verbal explanation.
- Print out the explanation and put it up in the waiting area (or anywhere with public access, if practical) so that patients can read and or be reminded.
In most cases, patients will be more comfortable providing their SSNs if they are reassured that their personal information is safe and only used as necessary.
