On April 16th President Obama signed the Medicare Access and CHIP Reauthorization Act of 2015. Included within the law is Section 501, a strong piece of privacy legislation, which calls for the prohibition of inclusion of Social Security account numbers on Medicare cards. Specifically, Section 501 instructs “the Secretary of Health of Human Services, in consultation with the Commissioner of Social Security, [to] establish cost-effective procedures to ensure that a Social Security account number (or derivative thereof) is not displayed, coded, or embedded on the Medicare card issued to an individual who is entitled to benefits under part A of title XVIII or enrolled under part B of title XVIII and that any other identifier displayed on such is not identified as a Social Security account number (or derivative thereof).”
The law suggests that the Secretary of Human Services implement a process whereby a Medicare beneficiary would receive an identifying number that could convert to a Social Security number when used by the Social Security Administration. To finance an alternative to Social Security numbers for Medicare beneficiaries, the law allocates $320 million dollars in funding.
This law is a major step in the right direction for preventing identity theft and Social Security number abuse. Furthermore, by actually funding the law, the US government has signaled its commitment to preventing identify theft. The private sector should follow the government’s lead and also act to limit the use of Social Security numbers to identify consumers. With data breaches becoming increasingly prevalent, if the private sector fails to act itself, the government may be forced to strengthen laws and regulations to mandate that businesses use alternatives to Social Security numbers.