State prohibition against putting SS# on benefits card... preempted?

[Guest calcu]

Any thoughts on whether state laws that prohibit an employer from putting an employee's social security number on a benefit card will be preempted by ERISA? We are self insured and recently discovered that a law prohibits putting an employee's social security number on any card required for the employee to obtain services. Any thoughts?

Thanks

[GBurns]

Doesn't Federal Law, SS Law in particular, also prohibit the use of a SS# for such a purpose?

[Appleby]

Calcu, given the reason behind the state law (preventing identity theft), wouldn’t it be in everyone’s best interest to use some other type of identifying number unique to the employee?

[david rigby]

Agree with Appleby. Look around and you will see many recent examples of "masked" SSNs, which can be as simple as blanking out the first 5 digits.

[Steve72]

Good question.

I assume this is the California law. It's not clear whether this law is preempted or not (I think it should be.)

There's no Federal law that I'm aware of prohibiting the use of the SSN in this manner, but Congress has a few bills in process.

[GBurns]

The allowance of use of a person's SS# is at the discretion of the person and cannot be mandated by the employer or anyone else, of course the employee might not get coverage if the SS# is not provided. However, because of SS# being a key piece of the information that has to be kept private under HIPAA, I doubt that there are any major insurers who are still using SS# as an identifier.

The SS Administration position was stated in this publication, which unfortunately is currently bweing revised and so cannot be referenced right now:

http://www.ssa.gov/pubs/ssn_1.html

There is also the issue of state privacy laws, and I doubt that any of the states with recently updated privacy laws (GLB, HIPAA etc) would still allow SS# as an identified on a medical card just as it is prohibited for any publicly displayed item including badges. A benefit card would be no different from a badge.

Although your plan is self insured ERISA would only preempt as it pertains to the plan and plan provisions etc, I doubt that state privacy laws and labor laws would be preempted. In any case if you are using any large TPA or insurance company as your Claims Administrator, they probably will advise agaainst the use of SS# and suggest the use of an employee #.

Have you asked your Claims Administrator for their postion on this?

[Steve72]

I'm going to disagree with GBurns. Although there is definitely a movement away from using the SSN as an identifier, many insurers/TPAs still use it as the default. In fact, it's not uncommon for insurers or TPAs to charge their clients extra for using a different individual identifier.

The SSN is not a protected piece of data under HIPAA. It is an identifying characteristic, not PHI. The only HIPAA implication for the SSN is theability of health information to be tied to an individual through the identifying information. However, that does not afford the SSN any greater protection than, for example, the name.

There was a proposal to include an "individual identifier" under HIPAA, but it was never finalized.

As for the pre-emption issue, the California state law (which I believe is the only one in effect) states explicitly that an employer cannot print the SSN on benefits material. Because this affects benefits administration in that the sponsor may need to have differing procedures for participants in California and other states, I think there is a fairly strong argument that it is pre-empted.

I wouldn't want to be the one to test the argument, however.

[Guest georgia]

for those plans with membership in Georgia: Code Section 33-24-57.1(f) prohibits the use or display, for any purpose or in any manner, of an SSN on health insurance id cards effective July 1, 2004.

[mbozek]

Because of the dangers of idenity theft there is movement to eliminate using the SS no as an identifer for customers. The IRS stopped putting ss no. on tax forms mailed to taxpayers years ago. Colleges no longer use SS no as a student Id. Creating a separate benefit id system for Cal ees is too inefficient for corporations which are headquartered in other states and providers will either use a unique id for all employees, eliminate the ss no in correspondence or ignore cal law on preemption grounds when it relates to plan admin matters.

[GBurns]

The BCBS Association has mandated that all BCBS members change from using SS# to an alphanumeric structure with a deadline of 1/01/2006.

Already the BCBS in MI, IL, MN, FL, NC, TX, GA, Iowa and NY have already publicly announced their changes.

Some of these were changed not as a result of the mandate but in response to state law. The states that already have this effective in 2004 seem to be CA, FL, GA, UT with TX 1/01/05 and MI 1/01/06. I do not know the effective dates of the other states such as CO, IL, KS, OK, WA, NC, OH, PA, VA, OR, MN.

UHC and Aetna have also started switching and so have some ASO providers such as Great-West. There are also a large number of large TPAs that have already changed over some based not on state law but on client requests. A number of Fortune 100 companies (e.g IBM, Ford and GE) have already done so, not only for protection from identity theft but so as not to have a fragmented sytem as a result of differing state laws.

IBM made the request to their providers explaining that this was partially to help counter rising identity theft. Using this logic, I would not expect that any thinking company would bother to use ERISA preemption as a reason not to change. The change is only applicable to the card that is used in public, the SS# will still be used internally, which further weakens any preemption argument since there is no meaningful interference with plan administration or operation.

Considering the number of persons covered by the above BCBS, the number covered under the state employee program, and the amount covered by those Fortune 100 companies, it seems safe to say that the majority of employees are currently, or will soon be, under a plan that does not use SS#. If the majority uses other than SS#, it seems futile to go against the trend even if there is not the issue of state law.