Electronic Medical Records And Data Security

Ray from Excess Return hosted the 169th Cavalcade of Risk this week – be sure to stop by and check it out.  In the “heads up” category, there’s a good post from David Williams, reminding readers that when healthcare data is hacked, the thieves are most likely interested in social security numbers and credit card info, rather than medical records.  He points out that medical offices don’t need SSNs, and that patients shouldn’t feel uncomfortable refusing to have their SSNs added to their files.  Years ago, when we were new to the health insurance industry, I remember that some of the individual health insurance carriers in Colorado used SSNs as full or partial policy ID numbers.  That all changed several years ago and carriers switched to assigned ID numbers.  With more of a push towards all digital medical records, there are valid concerns about data theft.  But ID numbers used by medical offices and health insurance carriers can and should be encrypted or assigned, without use of a social security number.

As David pointed out, we really don’t need to be too worried about our medical data being stolen.  Medical identity theft is increasingly a problem, but that generally happens when someone attempts to steal an insured’s identity in order to receive healthcare under the victim’s health insurance policy.  Again, no theft of sensitive medical records, but a significant problem.  Data security absolutely needs to be a priority as we transition to electronic medical records.  But for the most part, the problems are not what people think of first (sensitive medical data being compromised), but rather, theft of credit card numbers and social security numbers, as well as people who try to fraudulently use another person’s health insurance coverage.

About Louise Norris

Louise Norris has been writing about health insurance and healthcare reform since 2006. In addition to the Colorado Health Insurance Insider, she also writes for healthinsurance.org, medicareresources.org, Verywell, Spark by ADP, and Boost by ADP, and Gusto. Follow on twitter and facebook.


  1. At some point Social Security Numbers will be an important component to medical record keeping. The primary value comes in data consolidation.

    People change providers, and insurers, addresses, and surnames (when women marry). Having the ability to pull one entire medical history together in one place would truly lower health care costs. The key component is a unique identifier that is consistent across time and place.

    • I definitely agree that data consolidation is the key, and that one complete medical history for each person should be the goal. I think that whatever identifying code or number is used for each person should be independent of social security numbers. SSNs should be reserved for financial purposes (taxes, credit, social security, etc.) and not intermingled with all of the other data that is compiled about us (not just medical – everything is going digital, pretty rapidly).

      • Therein lies the challenge. I worked at a major credit bureau for over a decade. They are the forerunners of data integration technologies and relied on SSN heavily in the past.

        Each began developing consumer Personal Identifying Numbers (PIN) to overcome the shortcomings of SSN. At some point these tools need to be used in the medical field. The impact would be enormous.

Speak Your Mind