Protecting Our Seniors from Identity Theft

Americans are very concerned about the risk of identity theft.  A recent Harris Poll found that 70 percent of respondents cited identity theft as among their greatest security-related concerns, ahead of terrorism, personal safety, and natural disasters.
 
      This concern comes as no surprise.  Last year, the Federal Trade Commission received more than 332,000 complaints from Americans who reported being victimized by someone who had stolen their identity.  It is important to note, however, that this figure is based on self-reporting, and we know that many victims do not report being the victim of a crime for various reasons, including embarrassment and not knowing where and how to report.  As a result, some estimates have placed the actual figure much higher, including one recent study that found that 12.7 million Americans were victimized by identity theft last year.
 
      This is not a new problem: the FTC reports that identity theft has been its number-one consumer complaint during the past 15 years.
 
      It is especially troubling that, according to the FTC, 28 percent of the identity theft complaints it received – for both personal financial and medical information -- were reported by seniors.  For the victims of identity theft, the stakes are high. Identity thieves can drain bank accounts, make unauthorized credit charges, and damage credit reports.  When medical identity theft occurs, the thief can obtain medical care, buy drugs, and submit fake billings to Medicare.
 
      As a senator representing the state with the oldest median age and as Chairman of the Senate Aging Committee, one of my highest priorities is protecting seniors against financial exploitation and scams.  I recently led a Committee hearing that examined whether federal government is doing enough to safeguard the sensitive personal information of seniors from attacks by identity thieves.
 
      An individual’s Social Security number is one of the most valuable pieces of information an identity thief can obtain.  In 2004, more than a decade ago, the Government Accountability Office, the federal government’s chief watchdog agency, cited the widespread use of Social Security numbers as identifiers by both public and private sector organizations as a major factor allowing criminals to commit identity theft.  Subsequently, in 2007, the Office of Management and Budget, which sets administrative policy for federal agencies, directed all federal agencies to develop plans for reducing the unnecessary use of Social Security numbers as identifiers in order to help protect individuals against identity theft.
 
      Since then, many federal agencies that had used Social Security numbers as identifiers, including the Department of Defense and the Department of Veterans Affairs, have removed these numbers from their identification cards, as have such state agencies as Departments of Motor Vehicles.  Private health insurers have also discontinued use of Social Security numbers.
 
      Yet the Centers for Medicare and Medicaid Services, which provides Medicare cards for 55 million seniors and disabled individuals, still has not.  While eight years has elapsed since the White House order to reduce unnecessary use of Social Security numbers, reviews have repeatedly found that CMS’s efforts lag behind other agencies and the private sector.  As a consequence, the 55 million Medicare cards in use today still clearly display an individual’s Social Security number.
 
      Earlier this year, I  joined  the Aging Committee’s Ranking Member, Senator Claire McCaskill in sending a letter to CMS requesting information related to whether the agency is making progress in the important effort to remove Social Security numbers from Medicare cards.  In its response, CMS told us that it would likely take approximately two to three years to make the necessary system modifications, conduct an outreach and education campaign, and issue new cards.
 
      Since it was increasingly clear that CMS officials were going to continue to drag their feet, Congress passed and the President signed a law in April to require CMS to remove Social Security numbers from all Medicare cards.  In May, I again led a letter from the Committee to CMS asking that we be further apprised of its plans.
 
      The response was disheartening and unacceptable.  CMS told us that they anticipated it would now take four years to complete the project.  In other words, CMS has actually lengthened its estimate of the time needed to solve this problem first identified by the GAO 11 years ago.
 
      The central focus of the hearing was to hear from CMS why it was taking so long to do something other government agencies – state and federal – as well as private entities had already accomplished, and why it would not make this change incrementally to expedite the process and reduce the risk.
 
      The theft of medical information can actually put lives at risk if the theft is not detected and the wrong information winds up in a victim’s medical file.  Moreover, it is not at all unusual for a victim of medical identity theft to be unaware that his or her personal information has been stolen.  According to a 2015 study sponsored by the Medical Identity Fraud Alliance, on average, victims learn about the theft of their medical information more than three months following the crime.  Some victims may never know how or when their medical identity was stolen because the criminals often hold the stolen information for months or even years before using it or selling it.
 
      Among hearing witnesses was Betty Balderston, who heads the Maine Senior Medicare Patrol, which works to fight against Medicare fraud.  She applauded the efforts of Congress to eliminate the use of Social Security numbers on Medicare cards. “However, our work is not finished,” said Ms. Balderston.  “Scam artists are always ready to take advantage of people in every state in this country, especially vulnerable seniors and people with disabilities.”
 
      She alerted Committee members about an emerging scam whereby con artists call would-be victims claiming to be from CMS and offering to help seniors obtain their new Medicare card for a small processing fee.  The scammers then seek to obtain personal information that can be used to commit identity theft. It was emphasized during the hearing that CMS will not call seniors about their Medicare cards, and that there will never be a fee charged to obtain a new card.
 
      The Aging Committee has taken an aggressive approach to fighting fraud and schemes targeting our nation's seniors and has investigated issues ranging from lottery scams to deceptive telemarketers.  In addition, the Aging Committee has established a toll-free fraud hotline.  That number, posted on the Aging Committee website, is 1-855-303-9470.
 
      We can reduce the likelihood of identity theft through tougher prosecution, consumer education, and by removing Social Security numbers from Medicare cards without endless delays.