Is it against HIPAA regulations to print SSNs on an insurance card?
Is it against HIPAA regulations to print a patient's Social Security number (SSN) on a prescription card and or insurance card?
The use of Social Security numbers is a gray area of HIPAA
, as well as with the majority of all the other regulations. Without digging into the hundreds of pages of the HIPAA legislation, a lot of it depends on what practices are disclosed to the client in the "Notice of Privacy Practices" document the patient signs. It will also depend on how the Social Security number is used. For example, printing the SSN on a bill that is mailed directly to the patient is usually acceptable. Printing it on a card, which presumably will be used and shown to other parties, isn't.
As opposed to focusing on the audit and specifically on whether something is compliant, I tend to favor using a good dose of common sense. For better or worse, the SSN is a major piece of data used to perpetrate identity theft. Thus, even though it may not be specifically against the regulation, it doesn't make a lot of business sense to use the SSN in that context. Using Social Security numbers indicates a general disdain for patient privacy, one that may result in customers or patients taking their business elsewhere.
This was first published in March 2008