Printer Friendly

Compliance vs. SSN security concerns.

Q Does the education department at my work--a private hospital--have the right to insist that mandatory annual training be done on the company system, which is only accessible using my social security number (SSN)? My supervisor and lab director said I would be cited for non-compliance with mandatory education if I did not log onto the system and take the test. Many in my department share my concerns about the use of SSNs for anything but payroll purposes.

A With identity theft at an all-time high, more and more people are wary of letting others know their SSN. In your case, your employer probably can require you to log on using your SSN. Your employer is obliged to have your SSN to make the appropriate reports to the IRS; and, in general, absent state laws to the contrary, an employer may also use an employee's SSN as a general employee identification number. As long as the access to the system is tightly controlled and the identification number is not made generally available, the employer is probably within his rights to ask that you use your SSN to log into required educational programs, which also must be tracked. You may wish to check locally to determine whether state law puts any further restrictions on use of the SSN, but most states do not.

Although the law permits employers to use SSNs as an identification number for employees, the Social Security Administration recommendations also suggest that employers have a responsibility to treat the information with reasonable care and confidentiality. Your SSN should not appear on lists that are published or distributed, for example, and should not be put on your I.D. badge or I.D. card. Some state laws also require, and many experts suggest, that the SSN also not be published in full on pay stubs or other potentially disposable paper. If you find that your employer is not treating your SSN with care, you should approach the appropriate supervisor, outline your concerns, and ask that corrections be made.

That being said, you do have some voice in how your SSN is being used. Depending on how much fuss you want to put up (and how much you want to risk your job by doing so), you might consider asking politely for the written hospital policy that compels you to use your SSN for educational purposes. If the hospital administrators and/or managers cannot provide you with a current, in-force policy that supports its position, you may be able to convince them to give you an alternative I.D. number, if you are reasonable and courteous about it. Without a policy to support their demand, your employer is on shaky ground by requiring you to use your SSN, but that does not mean you will not face reprisals for failing to cooperate.

Because you indicated that you are not alone in your concern, and because identity theft and the potential for fraud based on misappropriation of SSNs is so high, you may be able to convince your hospital to review and perhaps revise its policies. The legal liability for a hospital that fails to maintain proper control over such sensitive information is significant, similar to the liability for failing to maintain confidentiality of patient information. The facts that 1) identity theft is a serious and well-known problem, 2) it often centers around misappropriated information, and 3) it causes unbelievable economic and emotional trauma to its victims probably raises a duty on the part of employers to exercise reasonable care in protecting such sensitive information.

Ask your employer how your SSN is used, who has access to it, how those individuals are screened for reliability, what safeguards are in place to prevent your number from being stolen, and what notification procedures, (required by some state laws), are in place to let you know if your private information has been inappropriately accessed. It is important that employers treat the responsibility of handling SSNs as they treat the responsibility of handling money. In fact, "harvesting" SSNs by unscrupulous employees may be much more lucrative than embezzlement and less likely to be discovered.

You might also want to inquire as to how discarded or recycled computer hardware is handled; some breaches of privacy in the healthcare setting have come from sensitive information being recovered from recycled computer hard drives. Recently, personal information--including SSNs--of over 6,000 employees of a Utah healthcare system was recently found on the hard drive of a laptop for sale at a secondhand store in Salt Lake City. Although in that situation, no damages seem to have resulted from the compromise of the individuals' information, such is not always the case. The only safe way to wipe a hard drive of information is either to physically destroy it or to use special programs that literally erase the information from the drive. Simple deletion of the information by the usual point-and-click mechanisms will not suffice; the information will remain in the drive and can be recovered by those sophisticated in data-recovery techniques. With a little research and some tact, you may be able to translate your concerns into a risk-management plus for your employer--and keep your SSN as private as it is intended to be.

Barbara Harty-Golder is a pathologist-attorney consultant in Chattanooga, TN. She maintains a law practice with a special interest in medical law. She writes and lectures extensively on healthcare law, risk management, and human resource management.


By Barbara Harty-Golder, MD, JD

MLO's "Liability and the Lab" is intended to provide risk management and human resource management education; it is not intended to provide specific legal advice. If you require legal advice, the services of an attorney should be sought. Dr. Harty-Golder welcomes your questions, which can be sent to her at
COPYRIGHT 2007 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Liability and the lab; social security number; Barbara Harty-Golder
Author:Harty-Golder, Barbara
Publication:Medical Laboratory Observer
Article Type:Interview
Date:Feb 1, 2007
Previous Article:Population selection for reference interval validation.
Next Article:Do your biohazard, bioterror, and emergency planning now.

Related Articles
Is this hospital legally liable in an employee fender-bender? (Liability and the Lab).
Stick to OSHA rules.
Laboratory access: when to withdraw the "welcome mat".
Photos and "photo cell phones" prompt new policies.
Clarify test-results dilemma.
Roles determine access rights.
Get it in writing.
HIPAA guides answering services.
Overtime work and pay puzzle workers.
Can AWAs meet the lab's needs?

Terms of use | Privacy policy | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters