The Point:

    Private health insurers have no need for SSNs.  Without an SSN, they simply issue
    their own unique insurance ID number and insure the customer.  Nobody who thinks
    about identity theft or security gives SSNs to insurance companies anymore.


The Problem:

    A new law called USC 42 1395y Section 111 requires that health insurers
    report subscribers for which Medicare is a Secondary Payer.  Medicare
    bungled the implementation of that requirement by telling health insurers
    that they had to submit SSNs of their customers.  However, the SSN
    requirement was not part of Section 111; Medicare just made that part up.
    When asked what to do about subscribers who wouldn't give their SSNs,
    Medicare asked why an insurer would want to insure them.  This put insurers
    into a situation that they found confusing, and some of them did as Medicare
    was suggesting and dropped subscribers who would not reveal their SSNs to
    protect against identity theft.

    From http://www.cms.hhs.gov/MandatoryInsRep/Downloads/March42009GHPTranscript.pdf:

    Albert Poulson: Okay, wonderful. All right, just a couple other - dependent social security
                    number, I know this has been discussed in the past. We have written all of our
                    participants and all of our groups - we're a third-party administrator first of
                    all. What I'm trying to ascertain now is you have a participant in the plan that
                    categorically does not want to submit the dependents' social security numbers.
                    What do we do?
    Bill Decker:    There's a - let me take the first stab at that. This is a question we've gotten
                    perhaps 500 times. And I know that we've tried to answer it before and we'll
                    give you yet another crack at this.
    Albert Poulson: No you have answered it and it's been great but we're trying to formulate a
                    letter saying it's mandatory. We just want to make sure the wording is correct
                    to get everybody to comply.


A Partial Solution:

    Many administrators in both the public and private sector don't seem to
    realize that it's against the law to deny health insurance based on Medicare's
    reporting mechanism.  USC 42 1395b, which pertains to 1395y and Section 111, reads:

    "Nothing contained in this subchapter shall be construed to preclude any State from
    providing, or any individual from purchasing or otherwise securing, protection against
    the cost of any health services."


    In spite of this, people are being dropped by their health insurers for trying to protect
    themselves from identity theft.  It happened to me on Jan 1st 2009 by a major insurer.
    I got my insurance reinstated on Feb 4th after pointing the insurer at USC 42 1395b.
    The insurer realized they were in violation of the actual law which supercedes Medicare's
    bungled rules and corrected it.

    However, Medicare has still not corrected their mistake in the implementation of
    USC 42 1395y Section 111, and private insurers continue to demand SSNs and threaten to
    drop coverage if it is not supplied.  If this happens to you, all you should have to do
    is point USC 42 1395b out to your insurer.