As opposed to focusing on the audit and specifically on whether something is compliant, I tend to favor using a good dose of common sense. For better or worse, the SSN is a major piece of data used to perpetrate identity theft. Thus, even though it may not be specifically against the regulation, it doesn't make a lot of business sense to use the SSN in that context. Using Social Security numbers indicates a general disdain for patient privacy, one that may result in customers or patients taking their business elsewhere.
Dig Deeper on HIPAA
Related Q&A from Mike Rothman
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them ... Continue Reading
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.