More than a decade after the initial recommendation from the Government Accountability Office, a non-partisan agency designed to monitor the processes and spending of Congress and provide recommendations for improvements, the federal government has made the first moves towards removing Social Security numbers from Medicare numbers and identification cards. The existing numbers, which typically consist of a member’s SSN followed by a letter indicating why the individual is eligible for benefits, will be replaced over the next several years with a random member number similar to what private insurance carriers have been required to use for some time. New Medicare enrollees over the next four years will receive the new numbers, while Medicare administrators have an additional four years to issue new numbers to existing beneficiaries.
While the recommendation to disassociate Social Security numbers from Medicare numbers has been made numerous times over the past decade, it hasn’t been acted on until now both due to the resources required to switch over the millions of current and upcoming Medicare beneficiaries, and because of the demands put on HHS by the implementation of the Affordable Care Act and the health insurance exchanges for which the legislation called.
However, in the wake of the recent rash of high profile security breaches, including insurance giant Anthem, there’s an increasing focus on limiting the exposure of beneficiaries’ personal information, particularly Social Security numbers (and Medicare numbers by extension), to security lapses, theft, and fraud. By removing Social Security numbers from Medicare numbers, beneficiaries would no longer need to carry that information in their wallet, hand it over to reception and billing at every doctor’s office they visit, or have it on file with their local pharmacy. Depending on how individual carriers implement the change, they may not even need to have their SSN on file with their Medicare Advantage or Medicare Supplement plan at all. As a society we’re coming to understand that there’s no way to entirely prevent the kind of breaches suffered at Anthem and other companies, but we can develop strategies to limit what information is given out and when, and thereby limit the long term negative effects of any potential breaches. Unauthorized access to a member’s name, address, and randomly generated Medicare number and carrier ID number would still certainly have ramifications, but nothing close to what it would under the current Medicare number system. Social Security numbers are still the key to unlock identity theft, and for the already vulnerable population of Medicare beneficiaries, this is an important step towards helping them keep their identities, and by extension their financial and emotional well being, safe and secure.