Are 52 Million Americans At An Unnecessary Risk For Identity Theft?

As Chairman of the Senate Special Committee on Aging, I oversee the Committee’s Fraud Hotline (1-855-303-9470). This hotline has been a useful tool to enable seniors and their loved ones to report instances of scams and fraud targeted at our nation’s seniors. The hotline has also provided Committee investigators with useful information as we work to educate seniors about these scams and help put a stop to them.

The hotline recently received a call from an individual in Maine who had just celebrated his 65th birthday, reaching the eligibility age for Medicare. He applied for Medicare, which is a routine process, and a few weeks later, he received his Medicare card in the mail. When he opened the envelope containing his card, he was surprised and alarmed to learn that Medicare cards prominently display Social Security Numbers (SSNs). This card, he explained, puts him at a great risk of identity theft, especially if it were lost or stolen.

This individual has good reason to be concerned, as do the more than 52 million Americans that have Medicare cards.

According to the Federal Trade Commission (FTC), identity theft has been the most common consumer complaint over the past 15 years. In 2014 alone, more than 332,000 Americans, including 693 Mainers, reported being victimized by someone who had stolen their identity. Also according to the FTC, 20 percent of identity theft complaints in 2014 were reported by individuals over age 60.

In 2004—more than a decade ago—the Government Accountability Office (GAO) reported that the widespread use of SSNs as identifiers by both public and private sector organizations provided ample opportunity for criminals to obtain and use these numbers to commit identity theft. Subsequently, in 2007, the Office of Management and Budget (OMB) directed all federal agencies to develop plans for reducing unnecessary usage of SSNs and transition to alternative identifier numbers.

Since then, many federal agencies that had used SSNs as identifiers, including the Department of Defense and the Department of Veterans Affairs, have ultimately removed SSNs from their identification cards. In recent years, other organizations, such as private health insurers and state agencies, also discontinued use of SSNs as identifiers in order to protect individuals from identity theft.

In Maine, for example, a drivers’ license now bears a seven-digit number as an identifier, rather than a driver’s SSN.

Since the GAO initially raised this issue, the agency has made numerous subsequent recommendations that SSNs be removed from Medicare cards. Inspectors General for the Department of Social Security Administration have made similar recommendations as well. Most recently, in its 2015 High Risk Series report, the GAO again designated Medicare as a high-risk program and recommended that the Centers for Medicare and Medicaid Services (CMS) “effectively and cost-effectively identify, design, develop, and implement an information technology solution that addresses the removal of Social Security numbers from Medicare beneficiaries’ health insurance cards.” Yet, despite all of these warnings, it does not appear to be a priority of CMS to take this important step toward helping to protect our nation’s seniors from identity theft.

Early last month, the Aging Committee’s Ranking Member, Claire McCaskill and I sent a letter to CMS to inquire about this important issue. In our letter, we asked specific questions about what actions CMS has taken to remove SSNs from Medicare cards. In addition, Congress recently passed legislation that directs CMS to take this important action. But by all accounts, the agency appears no closer than it ever was to making this important, common-sense change to Medicare cards.

Recent massive cyberattacks by hackers—including a breach of Anthem, the nation’s second largest health insurance company—may have compromised sensitive information of more than 312,000 Mainers and as many as 80 million current and former Anthem customers nationwide. These attacks have justifiably prompted renewed calls for CMS to remove SSNs from Medicare cards.

It is critical that this issue be a high priority for CMS. I will continue to press CMS to do more to protect the identity of our nation’s seniors and Medicare card holders.