Ask the Expert

HIPAA and Social Security numbers in a hospital computer network

Currently, a hospital information system uses Social Security numbers as one of the key fields for patient identification. This system enables the merging of patients' info into an enterprise patient ID. Is the use of Social Security numbers by this system considered a HIPAA violation? If so, would redesigning the entire patient ID system be the only answer?

    Requires Free Membership to View

Use of Social Security numbers (SSNs) is not a violation of HIPAA unless the number is used in such a way that it is clearly exposed to the public. So, as an example, if an organization is using Social Security numbers as the patient identifier, the full ID cannot be displayed on member cards. Similarly, computer monitors need to be set up so that patients' Personal Health Information (PHI), including their SSNs and diagnoses, are not viewable by other patients or unauthorized personnel.

Without further information about what the enterprise patient IDs looks like, it is hard to say for certain that this is not a violation of HIPAA, but at first blush it sounds acceptable, especially if this ID is not being printed on ID cards.

For more information:


This was first published in January 2010

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: