YOUR SSN NUMBER
Security Ranked by State - IRS - General Accounting Office online Security
BACK TO SECURITY
SSN NOT REQUIRED FOR THE DOCTORS OFFICE OR HOSPITAL
PRINT THIS OUT
SSN - SOCIAL SECURITY NUMBER IS PRIVATE TAKE THIS PRINT OUT WITH YOU TO THE HOSPITAL OR DOCTORS OFFICE - SHOW THEM YOU KNOW YOUR RIGHTS.
Fact Sheet 10: My Social Security Number
Your Privacy Rights - Health Insurance Portability and Accountability Act (HIPAA):
- Covers medical information in any format—written, spoken, or electronic
- Allows patient to view, request changes to, and obtain copies of health information documents
- Provides protections regarding how your information
can be used
Under HIPAA, you likely received a Notice of Privacy Practices when you visited a new healthcare provider or pharmacy. You would have been asked to sign a statement saying you’ve been given the notice. This Notice details your privacy rights, how your information is used and disclosed, and explains who will have access to your information.
Your Rights Under HIPAA:
- Right to access, inspect, and copy health information
- Right to request correction or amend health information
- Right to request accounting of disclosures of health information—who has received it
When I arrived for that appointment, I was handed the standard new patient information form to complete.
The receptionist asked me to provide him with my Social Security Number. The law does not require me to provide it. I will gladly provide my Pennsylvania Driver's License number.
Medical providers are not prohibited by State or Federal law from requesting a patient's Social Security Number, a patient is not legally required to provide it. No State or Federal law requires Medical providers to use a Social Security Number as an identification number. My Pennsylvania Driver's License number is just as unique as my Social Security Number and would equally differentiate me from any other patient.
The American Medical Association itself opposes the use of Social Security Numbers as an identification number. On May 6, 2002, the AMA approved Resolution # H-190.963, which specifically states that the "AMA policy is to discourage the use of Social Security Numbers to identify insureds, patients, and physicians, except in those situations where the use of these numbers is required by law and/or regulation." Since, there is no State or Federal law (or regulation) that required you to obtain my Social Security Number, your office policy requiring me to provide it is in direct contravention of the AMA's policy.
Protection of Privacy by States Is Ranked
SUMMARY:
Robert Ellis Smith, publisher of the monthly Study by Privacy Journal says ...
The federal government does a terrible job would rank in the 4th tier if it were a state.
The U.S.A. Patriot Act had diminished privacy. "The antiterrorist legislation in significant ways made it easier for law enforcement to conduct electronic surveillance," he said. "I don't think they were gross invasions of privacy, but the changes have to be regarded as a net loss of privacy."
The federal government has no regulation or guarantees privacy for
- 1) medical records, and the regime scheduled to go into effect next year is "weak."
- 2) financial privacy
- 3) no protection for the privacy of library records. "Most states do have laws that give great leverage to reject most requests" for information on users, though all have exceptions for formal law enforcement requests.
California and Minnesota protect the privacy of their citizens better than any other states, they have a commitment to privacy rights, though he ranked California marginally ahead. Both have a permanent office in state government looking after privacy and both state supreme courts have reaffirmed the right to privacy. Minnesota and California were also among the leaders in a 1999 version of the survey, which ranks states on whether they have privacy guarantees in their constitutions, laws protecting financial, medical, library and government files, and have fair credit reporting laws stronger than federal legislation. States are given extra credit when their highest courts have strong records on privacy and receive deductions for antiprivacy actions by state agencies or legislatures.
California has a privacy office, and its Legislature is continually "tweaking" privacy laws to stay on top of new intrusions.The court ruled that constitutional protections for privacy apply to private as well as government actions.
Minnesota, the court has ruled that disclosure of private facts is a tort and law applies to local governments as well as state government, and the state has the oldest established privacy office in the country, always fully staffed and financed. He said Minnesota also received credit for an effective lawsuit in which Attorney General Mike Hatch won large damages from banks for selling information to telemarketers.
The journal ranked states in five tiers.
- Top Tier
California, Minnesota, Connecticut, Florida, Hawaii, Illinois, Massachusetts, New York,
Washington and Wisconsin. - Second Tier
Alaska, Arizona, Colorado, Georgia, Maine, Oklahoma, Rhode Island, Utah and Vermont. - Third Tier
Indiana, Louisiana, Maryland, Michigan, Montana, New Jersey, Nevada, Ohio, Oregon and Virginia. - Fourth Tier
District of Columbia, Alabama, North Dakota, Nebraska, New Hampshire, New Mexico, Pennsylvania, South Carolina, Tennessee and West Virginia. - Fifth Tier
Arkansas, Delaware, Idaho, Iowa, Kansas, Kentucky, Mississippi, Missouri, North Carolina, South Dakota, Texas and Wyoming.
Texas, ranked in 1999 as "not on the radar screen," improved its standing by
1) enacting laws restricting the use of genetic information by insurance companies and employers, and the
2) requiring telemarketers not to call individuals who have entered their names on a state "do not call" list.
Critical information security weaknesses at the Internal Revenue Service
http://www.fcw.com/fcw/articles/2003/0602/web-irs-06-02-03.asp
Critical information security weaknesses at the Internal Revenue Service demonstrate the importance of moving past the development of an information security program to actually implement the measures outlined in the plan.
The General Accounting Office found almost 900 weaknesses across the 11 IRS organizations included in its review, particularly in the areas of access and authorization. All of the weaknesses can be traced to IRS' incomplete implementation of its agencywide security program, according to the report dated May 30.
The IRS has made progress toward addressing security, including developing a milestone-based plan to fix vulnerabilities -- a step required by the Office of Management and Budget under the Government Information Security Reform Act of 2000 and continued under the Federal Information Security Management Act of 2002.
The tax agency also has increased the number of resources and people devoted to information security and created an around-the-clock incident response team.
But the many weaknesses that still exist and the lack of an agencywide process to identify and address future vulnerabilities leave sensitive personal data open to unauthorized users.
"Such individuals could possibly obtain personal taxpayer information and use it to commit financial crimes in the taxpayer's name (identity fraud), such as establishing credit and incurring debt," the report states.
Beyond the need to meet all of the standard requirements, such as performing risk assessments and certifying and accrediting systems, GAO also strongly recommended incorporating accountability for security controls into employee performance appraisals.
"Until such performance standards and measures are developed and incorporated into the appraisal process, agency personnel may not devote sufficient attention and effort to implementing effective security controls," the report states.
In a written response to GAO, new IRS Commissioner Mark Everson said that his agency plans to address each of the report's recommendations this year, although incorporating security into performance appraisals will have to wait until fiscal 2004 because of legal constraints.
IDENTITY THEFT
The guidelines for dealing with non-governmental institutions. Most of the time private organizations that request your Social Security Number can get by quite well without your number, and if you can find the right person to negotiate with, they'll willingly admit it.
Most of the time, you can convince them to use some other number. Usually the simplest way to refuse to give your Social Security Number is simply to leave the appropriate space blank.
Most employers have no policy against revealing your Social Security Number; they apparently believe that it must be an unintentional slip when an employee doesn't provide an SSN to everyone who asks.
Employers
Employers are required by the IRS to get the SSNs of people they hire. They often ask for it during the interview process, but there are good reasons to refuse if you can afford to argue with the potential employer. Some of them use the SSN to check credit records, to look for criminal history, and otherwise to delve into your past in areas you might object to. Tell them you'll give them your SSN when you accept their offer. They have no legitimate use for it before then.
