[Med-privacy] Question about Social Security Numbers

Bob Gellman rgellman@netacc.net
Tue, 27 Dec 2005 20:00:02 -0500 

Ed Lawton wrote:

> On Sunday night, NBC Dateline had an excellent segment on a medical 
> patient in Seattle, WA who became an identity theft victim while 
> hospitalized because a lab technician compromised his SSN.  This 
> hospital employee stole the number and used it to make many purchases 
> before being caught.  The patient had to do his own investigation 
> before getting a Seattle reporter to assist him.  The story is on the 
> Dateline web site at the following URL:
>
> http://www.msnbc.msn.com/id/3032600/


I don't know what was in the story, but I hope it mentioned how the 
Justice Department later gutted the HIPAA criminal penalties so much 
that the Seattle ID thief will probably have to be let out of jail.  You 
can learn more about this messy legal issue at

http://prawfsblawg.blogs.com/prawfsblawg/2005/06/how_hipaa_was_u.html

> As I read this story, there was a sidebar blog which mentioned that 
> insurance companies no longer are putting SSNs on their cards which 
> beneficiaries use when seeing physicians.  However, no mention was 
> made of the new law or executive order that mandates this change in 
> procedure.
>
> I'm writing to ask if you or anyone on this list knows specifically 
> where I can find this information.  It is important to me as I too 
> became an Identity Theft victim recently and am still fighting the 
> battles associated with it.  It too affected me due to my patient 
> status and I too had to do much of my own investigative activity 
> because of the lack of law enforcement interest.
>   


I know of no federal law or EO on this point.   That isn't to say that 
there isn't something somewhere, but I haven't heard about it.  An EO 
couldn't do it in any event.

Market and consumer pressure has had some general effect on the use of 
SSNs.  There may be some state laws here too.  You can keep up with 
state laws with Bob Smith's compilation.  Here's a snip from Smith's 
email about his new supplement.  And I have no connection with Smith's 
publication, other than being a friend and colleague of the author for 
30 years.

The new state laws are described and cited in Privacy Journal's 18-page 
2005
Supplement to its popular Compilation of State and Federal Privacy Laws
(2002). It describes and cites more than 200 laws passed recently, 
including
new laws on "security breach notifications," Social Security numbers, ID
theft, covert videotaping, spam, and more. The price is $21 plus $4
shipping, by U.S. mail or e-mail. The 2002 book with the Supplement 
included
costs $31 plus $4. Order from Privacy Journal, PO Box 28577, Providence RI
02908, 401/274-7861, fax 401/274-4747, or by email,
orders@privacyjournal.net. With a credit card, you can download the text at
www.privacyjournal.net.


Bob

-- 
+ + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman                            +
+ Privacy and Information Policy Consultant +
+ 419 Fifth Street SE                       +
+ Washington, DC 20003                      +
+ 202-543-7923        <rgellman@netacc.net> +
+ + + + + + + + + + + + + + + + + + + + + + +