Limiting the Use of the Social
Security Number in Healthcare
AHIMA Compendium http://compendium.ahima.org Throughout this brief, sentences marked with the † symbol indicate AHIMA best practices in health information management. These practices are collected in the new AHIMA Compendium, offering health information management professionals “just in time” guidance as they research and address practice challenges.
WITH ITS UNPRECEDENTED funding to support the effective implementation of health IT and health information exchange (HIE), the American Recovery and Reinvestment Act of 2009 has given new urgency to the need for a national health identifier. Because no unique personal identifier has been established, many providers have defaulted to the Social Security number (SSN) as a unique identifier. This practice brief outlines the importance of accurate pa- tient identification. It also provides guidance on limiting the use of the SSN in patient identification practices and outlines the unique identifier option.
The Importance of Patient Identification
Today, a single patient is likely to have a different identifier for
every provider and organization from which he or she has received treatment. These multiple identifiers lead to inefficien-cies along the continuum of care, including fragmented health
records. In addition, confusion between the terms “personal
identifier” and “ID set” can lead to inaccuracies.
A personal identifier is meant to describe a single attribute associated with an individual. In the absence of a personal identifier, a set of multiple attributes can be used to improve the accuracy of identification.
The process of accurately identifying patients is critical, because errors in identification can affect clinical decision making
and patient safety, create risk to a patient’s privacy and security, and result in duplicate tests and increased costs to patients,
providers, and payers. In addition, one organization’s patient
identification errors will multiply exponentially within a health
information exchange network.
Organizations therefore must develop, implement, and maintain practices that support accurate patient identification, including the following:†
x Obtain copies of a government-issued picture identifica-
tion (such as a driver’s license, passport, or official identity
card) and insurance card each time a patient registers
x Develop a customer-friendly script for requesting patient
identification and verification information
x Define a set of attributes that will be used consistently for
x Build effective business processes and quality checks
with clear standards, policies, and procedures into pa-
tient identification activities
x Improve the accuracy of patient matching by collecting
additional data elements such as mother’s maiden name
HIPAA attempted to streamline patient identification by re-
quiring organizations create a unique health identifier for every
patient. However, in 1998 political and privacy concerns caused
Congress to include a section in the Omnibus Appropriations
Act that prohibits the Department of Health and Human Ser-
vices from using federal funds to implement the unique health
identifier requirement “until legislation is enacted specifically
approving the standard.”
In the ensuing 13 years, technology has advanced dramatical-
ly, and many of the privacy concerns surrounding the unique
health identifier now can be addressed with technology and
sound business practices underpinned by federal and state
Patient Identification’s Effect on Data Integrity
EHR functionality, links within health systems, data sharing
within a regional HIE, and the Nationwide Health Information
Network all depend on the integrity of patient ID data. Accurate
patient ID data are the basic building blocks of true interoperability. However, as data sharing increases, the integrity of the
patient ID data decreases. In fact, systems with local controls
often have more reliable ID data. Reliability decreases as a system expands to include multiple entry points, systems, and users. The growth of a system correlates directly with the increased
risk to the accuracy of its data.
Impediments to the accuracy of the patient ID set can be at-
The results of compromised accuracy of patient identity can