The following “Ask the Expert” question was recently posted on the Department of the Navy Chief Information Officer (DON CIO) website.
“DoDI 1000.30, Reduction of Social Security Number (SSN) Use Within DoD, requires that the continued collection of the SSN be justified in writing. Does this apply to my private healthcare provider where a physician must file an insurance claim(s) on behalf of a member? I recently received a claim denial letter when my son's physician attempted to use my DoD ID number in lieu of my SSN in order to file a claim for a routine well visit. I would like to understand the provider’s requirement with respect to DEERS eligibility verification.”
The Defense Health Agency provided the following response:
The Department of Defense (DoD) Identification (ID) number is a 10-digit number created for each person within the Defense Enrollment Eligibility Reporting System (DEERS) regardless of status (e.g., dependent). A dependent will have his or her own DoD ID number independent of the sponsor's DoD ID
number. The DoD ID number is to be used to support DoD internal operations and internal business processes. The DoD ID number is not typically used by network providers participating in TRICARE programs to verify patient TRICARE eligibility or process claims for healthcare services provided to
TRICARE beneficiaries through our managed care support contractors (MCSC).
DoDI 1000.30, Reduction of Social Security Number (SSN) Use Within DoD (August 1, 2012) focuses on collection and use of SSNs within the DoD. This DoDI does not govern or otherwise limit the collection and use of SSNs by organizations outside of DoD. Organizations that are not subject to DoDI 1000.30 include, but are not limited to, private healthcare providers who accept TRICARE payments for services provided. Processing claims and paying claims submitted by these private healthcare providers to an MCSC is not considered an "internal" DoD business process for which the patient's DoD ID number may be used. Consequently, a private healthcare provider is not required to have a DoDI 1000.30 compliant Memorandum for the Record on file to continue the collection and use of a member’s SSN in order for network providers — who are private, not DoD, physicians — to use in filing claims with MCSCs.
To assure that claims submitted by TRICARE network providers comply with the HIPAA [Health Insurance Portability and Accountability Act] standard transaction requirements and provide the necessary information to accurately identify the patient receiving care, to permit TRICARE and its MCSCs to coordinate payments where more than one insurance company or a government or private health plan may be liable for all or part of the payments, the patient and/or responsible party's SSN is used as part of a claim by a network provider. In lieu of a "national patient ID number" (which the Congress has not authorized), the SSN is the only unique identifier recognized by DoD, Medicare, Medicaid, providers, and organizations responsible for payments for healthcare.
In addition to the DoD ID number, individuals eligible to receive DoD benefits, such as TRICARE, receive an 11-digit DoD benefits number (DBN). The first nine digits of the DBN link to the sponsor and the last two numbers are unique to the beneficiary. Providers can use the sponsor's SSN or the DBN on the back of the ID card to verify eligibility and submit claims on behalf of TRICARE beneficiaries. Additionally, if TRICARE beneficiaries file their claims, they should use the sponsor's SSN or the DBN. In a situation where the beneficiary does not have an ID card (e.g., children under 10), the easiest way for a provider to verify eligibility or process a claim is to use the sponsor's SSN. Furthermore, in the absence of the sponsor's SSN, providers can verify a family member's eligibility by using the first nine digits of the DBN and the date of birth.
It should be noted that DoD is significantly reducing the use of the SSN wherever possible. There will always be valid uses for the SSN. The above article illustrates one such example.
Additional privacy resources can be found on the DON CIO website at www.doncio.navy.mil/privacy.
Steve Daughety is the privacy lead for the Department of the Navy Chief Information Officer.