Skip to content

Hearing on Removing Social Security Numbers from Medicare Cards

August 01, 2012

Hearing on Removing Social Security Numbers from Medicare Cards












August 1, 2012

SERIAL 112-SS19/HL14

Printed for the use of the Committee on Ways and Means


DAVE CAMP, Michigan, Chairman

WALLY HERGER, California
PAUL RYAN, Wisconsin
DEVIN NUNES, California
JIM GERLACH, Pennsylvania
TOM PRICE, Georgia
RICK BERG, North Dakota
DIANE BLACK, Tennessee
TOM REED, New York

RICHARD E. NEAL, Massachusetts
JOHN B. LARSON, Connecticut
RON KIND, Wisconsin

JENNIFER SAFAVIAN, Staff Director and General Counsel
JANICE MAYS, Minority Chief Counsel

SAM JOHNSON, Texas, Chairman

RICK BERG, North Dakota


WALLY HERGER, California, Chairman

PAUL RYAN, Wisconsin
DEVIN NUNES, California
JIM GERLACH, Pennsylvania
TOM PRICE, Georgia

RON KIND, Wisconsin





Tony Trenkle
Chief Information Officer and Director, Office of Information Services, Centers for Medicare and Medicaid Services, Department of Health and Human Services, Baltimore, MD

Kathleen King
Director, Health Care, accompanied by Daniel Bertoni, Director, Education, Workforce, and Income Security, Government Accountability Office


Wednesday, August 1, 2012
U.S. House of Representatives,
Committee on Ways and Means,
Washington, D.C.


The subcommittee met, pursuant to notice, at 9:36 a.m., in Room 1100, Longworth House Office Building, Hon. Sam Johnson [chairman of the subcommittee] presiding.

[The  advisory of the hearing follows:]


     *Chairman Johnson.  Good morning.  We welcome our colleagues from the Subcommittee on Health, who join the Social Security Subcommittee, today to focus on the importance of removing Social Security numbers from the Medicare cards.

     For many years now, protecting the Social Security number has been a priority of the Ways and Means Committee that both sides agree on.  So far this session, we have had numerous hearings on the role of Social Security numbers and the growing crime of identity theft.  We have learned how identity thieves prey on anyone, including those most vulnerable, like seniors and children, even children who have died.

     According to the Government Accountability Office, Social Security numbers are the identifier of choice, and are used for all sorts of financial transactions.  In an April 2007 report, President Bush’s Identity Theft Task Force identified the Social Security number as the most valuable commodity for an identity thief.  It is no wonder the Department of Justice reports that 7 percent, or 8.6 million households had someone over the age 12 experience identity theft.

     We all know Americans are told not to carry their Social Security cards to protect their identity in case a wallet is lost or stolen.  Yet seniors are told they must carry their Medicare card, which displays a Social Security number.  Not only does this make no sense, it puts Medicare beneficiaries at risk. 

     In 2007, the White House Office of Management and Budget issued a directive to all federal agencies to develop plans for reducing the use of Social Security numbers — 2007; remember that date. 

     The Department of Defense and Veterans Affairs are now phasing out the use of Social Security numbers on their ID and Medicare cards.  I applaud them for taking this action and for taking this action on their own.  And some of our largest federal agencies, along with the most private insurance providers, can stop public display of Social Security numbers.  The Centers for Medicare and Medicaid, or CMS, should too.

     If CMS won’t do what is right for America’s Medicare beneficiaries, then Congress must act.  That is why, along with my fellow Texan and Subcommittee on Social Security member, Congressman Lloyd Doggett, I have introduced legislation H.R. 1509, the Medicare Identity Theft Prevention Act of 2011.  Our bill directs the Secretary of Health and Human Services to remove Social Security numbers from Medicare cards.  A similar bill of ours passed the House with overwhelming bipartisan support in 2008 on a voice vote.

     I thank my colleague from Texas for his work on this important issue, and all my committee colleagues for their support.  I hope we will soon get this important legislation behind us.  I thank each of our witnesses for sharing their findings and recommendations, and look forward to hearing your testimony.

     I now recognize the Ranking Member, Mr. Becerra, for his opening statement.

     *Mr. Becerra.  Mr. Chairman, thank you very much.  Identity theft is a serious problem, and seniors and disabled Americans are particularly vulnerable.  Nearly nine million Americans a year have their identities stolen.  According to the Federal Trade Commission, a typical theft costs a victim somewhere around $500.  That is a significant loss to someone who might be living on a fixed income.  In a worst case scenario, thieves often will steal an average of about $13,000 from a victim.  And those victim spend about an average of 130 hours trying to clear their credit and prevent additional theft.

     Seniors and disabled Americans are particularly vulnerable here.  First, of course, we know that they have low incomes, so even a modest theft can be devastating.  The median income of seniors in America, a senior household, would be somewhere around $25,000 a year.  And more than half of disabled Americans receiving Social Security and Medicare live in poverty, even with their Social Security benefits included.

     And, of course, secondly, we know that seniors and disabled Americans often carry their Social Security numbers on their person.  That makes them, of course, more available to thieves.  I support removing the Social Security number from the Medicare card, which too many of our seniors carry on their person. 

     But making seniors more secure will require resources.  Although it may sound simple, giving 49 million Americans new Medicare ID numbers and making sure that they can still fully access their benefits is a big job.  The job is made more difficult because a series of Republican budget cuts has left the Centers for Medicare and Medicaid Services and the Social Security Administration struggling to keep up with their basic work just as the Baby Boomers, of course, are reaching their retirement age.

     Since 2010, the Social Security field offices which take Medicare applications, issue Medicare cards, and provide in-person customer service to Medicare beneficiaries have lost nearly 2,300 employees, about 8 percent of their total staff, to budget cuts.  Social Security offices are closing to the public half an hour early.  And waiting times for phone service and initial disability benefits are rising.

     Here in the House, the Republican Majority recently proposed cutting Social Security’s fiscal year 2013 budget by nearly $800 million below the 2012 levels.  Short-changing Social Security makes it likely that the agency will have to furlough or lay off staff, and may create a backlog of retirement applications for the first time in our history.

     Similarly, CMS funding has failed to keep up with their growing responsibilities.  Their per-beneficiary operating budget has declined by 14 percent since 2004.  Once again, any cuts in any House budget to CMS’s funding could lead to more devastating impact for those Medicare beneficiaries.  And funding we see may actually reduce by about $400 million in the House Republican budget.

     We need to provide the resources so that CMS can better protect seniors from identity theft.  The Bush Administration, back in 2004, failed to solve this problem when GAO first identified it.  And it is still not solved, despite strong support in our committee and the House, passing Chairman Johnson and Mr. Doggett’s bill, H.R. 6600 back in 2008. 

     Congress first directed HHS to address this issue in 2005 in the Labor, Health and Human Services, and Education appropriations bill.  In 2007, the Bush Administration failed to make CMS comply with an executive order to eliminate unnecessary use of the Social Security number.  And, most recently, CMS produced a cost estimate for removing the Social Security number from Medicare cards, as we requested.  But as GAO has pointed out, there may be significant flaws in that estimate.

     I hope that CMS is ready to partner with us to solve this problem, starting with providing a comprehensive and reliable cost estimate.

     Mr. Chairman, this is an issue that we have been working on for some time.  I hope that we are able to work together with the Administration to get this done, because millions of Americans depend on getting their Social Security and Medicare benefits, and none of them should be facing the possibility of theft, simply so that people can steal their Social Security number and take advantage of them.

     And so, with that, I am pleased to have our witnesses here, and I look forward to the hearing.  And with that, I yield back the balance of my time.

     *Chairman Johnson.  Thank you, Mr. Becerra.  I now recognize the chairman of the Subcommittee on Health, Mr. Herger, for his opening statement.

     *Mr. Herger.  Thank you.  I am pleased the subcommittees are meeting today to discuss what I consider to be a commonsense, bipartisan idea that will help protect our nation’s seniors, brought before the committee by Chairman Johnson and Congressman Doggett.

     Medicare beneficiaries from across the United States are affected by fraud and identity theft, including those in California, where nearly 100,000 beneficiaries have had their Social Security numbers compromised, according to CMS data.  I am sure I am not the only member of this committee who has received letters for congressional action to remove Social Security numbers from Medicare cards.

     A constituent of mine wrote about an interaction with CMS where he was told, after asking about removing Social Security numbers from Medicare cards, “We have always done it that way, and we don’t intend to change it.”  He went on to state, “With identity theft running rampant in this country, it seems ridiculous that Medicare would refuse to stop this practice.”  I couldn’t agree more.

     While challenges lie ahead for the agencies involved in the process of removing Social Security numbers from public documents, I am very disappointed with the lack of leadership and interest in this issue at the Centers for Medicare and Medicaid Services.  To date, CMS has offered little beyond excuses and questionable reports.  Interestingly, CMS did not appear too concerned about the cost and efforts involved with removing Social Security numbers when it mandated that private Medicare plans do so years ago.

     When the Office of Management and Budget, under the previous Administration, issued a 2007 directive to all federal agencies to develop a plan to remove Social Security numbers, the Department of Defense and Veterans Administration acted.  As a result, they are well underway toward full implementation of their plans.  Presumably, these departments had the same logistical challenges that CMS faces, but they did not offer excuses.  They offered a plan.  And not only did they have a plan, but they also found a way to do it with existing funding.

     CMS doesn’t even have a plan to move forward, despite being directed to do so five years ago, and now professes to need nearly $1 billion in additional funding to do so.  The validity of the latest CMS cost estimates has been questioned by GAO.  The new estimate is nearly three times more expensive, despite taking half as long to implement than it was predicted just a few years ago.  It is becoming clear to me that CMS simply isn’t interested in taking this commonsense approach to protect seniors and people with disabilities from identity theft.  Or, perhaps there is another reason.

     As we all know, there is a key development that took place between the first estimate and the second estimate:  the enactment and initial implementation of Obamacare.  It has been widely reported that significant CMS resources, both financial and staffing, have been diverted from the Medicare program to implement non-Medicare Obamacare provisions such as exchanges and mandated health benefits.  I can’t help but wonder if this new cost estimate reflects just how thin Medicare has been stretched because of Obamacare, or perhaps that some in the Obama Administration recognize this as an opportunity to grab more money to implement Obamacare.

     As you may know, the independent Congressional Budget Office has repeatedly stated that the Democrats’ health care law drastically underfunded implementation efforts.  If this is a simple money grab, perhaps that is why CMS has been unable to provide sufficient data or other information to support the cost estimates in its report.  It is clear that a more complete and thorough cost analysis by CMS is necessary, one that is held to the standards we have come to expect and reports to Congress by federal entities.  If CMS does not want to responsibly act, then Congress will require them to.  Business as usual should not trump protecting Medicare beneficiaries. 

     Thank you, Chairman Johnson, and I yield back.

     *Chairman Johnson.  The gentleman’s time has expired.  Thank you.  I now recognize the Ranking Member on the Subcommittee on Health, Mr. Stark, who is also on the Ways and Means Social Security Subcommittee.  Thank you.

     *Mr. Stark.  Thank you, Mr. Chairman.  And thank you for your work in this area, and you and my colleague, Congressman Doggett, for addressing a serious problem.  Happily, I don’t have this problem.

     A lot of the question is what kind of an identity you have.  Mine was stolen a while back, and that guy that stole it called me shortly thereafter and asked if I would please take the identity back, and — he was having trouble with it.


     *Mr. Stark.  So, one way to do away with this problem is to sort out what kind of an identity you wish to have stolen.  But we haven’t done ourselves any good by coming up with a wide variety of estimates.  As you indicated, three — or Mr. Herger indicated, between $300 million and $800 million.  And GAO has criticized some of these analyses.  And it will cost money.  It will take a bit of bureaucratic effort to come up with a problem that doesn’t sound — a solution to the problem.  And I hope that we can proceed.  It is a danger.  And as the Internet and these world of social connections become broader, this problem will spread.  And it is — I think we should encourage and support, with adequate funding, a means for our government agencies to tackle this problem as promptly as they can.

     Thank you for the hearing, and thank Mr. Doggett for his work in this area.

     *Chairman Johnson.  Thank you, Mr. Stark.  As is customary — any Member is welcome to submit a statement for the hearing record. 

     Before we move on to our testimony today, I want to remind our witnesses to please limit your oral statements to five minutes, please.  However, without objection, all the written testimony will be made part of the hearing record.

     We have one panel today.  Seated at the table are Tony Trenkle, Chief Information Officer and Director, Office of Information Services, Centers for Medicare and Medicaid Services, Department of Health and Human Services in Baltimore, Maryland.  You could have more titles, could you?

     Next is Kathleen King, Director, Health Care, accompanied by Daniel Bertoni, Director, Education, Workforce, and Income Security, Government Accountability Office.

     Welcome, Mr. Trenkle.  You may proceed.


     *Mr. Trenkle.  Thank you.  Chairman Herger, Chairman Johnson and Herger, Ranking Members Becerra and Stark, and distinguished members of the subcommittees, I am pleased to be here today on behalf of the Centers for Medicare and Medicaid Services to discuss the use of the Social Security numbers on the Medicare identification cards.

     CMS supports protecting beneficiaries from fraud and abuse and identity theft, and we understand the concerns that the use of the SSN causes for some beneficiaries.  As a personal note, a couple weeks ago my aunt passed away suddenly.  And as the executive of the estate, I had to go through the house and clear it out.  And part of that was looking at her wallet.  And in the wallet was both her Social Security card and her Medicare card.  So I understand, from a personal basis, what the risks are of carrying that in a public location by a person who is 89 years old.

     CMS is happy to work with Congress to develop an approach for removing SSNs from the Medicare cards.  And, depending on the time frame, reprioritizing work that Congress has given us.  To that end, CMS has provided Congress with a cost estimate for removing SSNs from Medicare cards in 2006 and 2011.  And I know some concerns have been expressed about the difference in cost between the 2006 and 2011 estimates.  However, the 2011 estimate was updated to reflect additional options, a new time for implementation, a much more comprehensive review of impacted CMS systems, and an estimate for Medicaid costs, which was not in the 2006 report.

     This update provided a rough order of magnitude of the cost to remove the SSN from the Medicare card, and clearly demonstrates that any change in the current system for beneficiary identification requires substantial investment of time, resources, and staff.  We appreciate the analysis that our colleagues from the GAO conducted on our report and cost estimates.  And we concur with the recommendation that we re-estimate the cost of removing the SSNs from Medicare cards, using a more rigorous and detailed approach.  We have already begun work on that effort.  We have identified staff to work on it, and also will be shortly awarding a contract to support that work.

     It is important to remember — there was a question raised about the difference between us and DoD and VA — it is important to remember that we are much more intricately linked with SSA and the SSN.  I worked in both agencies, and I know how tightly linked the two agencies are because it is a basis for identity — beneficiary authentic identification, fundamental to multiple systems, required to process and track beneficiary claims and enrollment, to conduct our anti‑fraud and quality improvement offices and coordinate with SSA, Railroad Retirement Board, and state Medicaid.

     As a health care organization, we annually process 1.3 billion Medicare claims from about a million providers on behalf of 50 million Medicare beneficiaries.  Any change to Medicare card would impact each Medicare beneficiary, along with providers, health insurers, states, operations and systems of the primary agencies involved in the administration of Medicare.

     CMS is determined that changes to Medicare card would involve 50 CMS systems and require sufficient planning and resources to ensure that beneficiaries and providers would not experience major disruptions.  We believe, of the three options presented, the option to replace with a new identifier best meets the goals of reducing the risk of identity theft and preventing fraud, while minimizing the burden on beneficiaries and providers.

     We share the concerns of the committee and others about potential identity theft and schemes that target Medicare beneficiaries.  Given the budget and logistical challenges of removing the SSNs from Medicare cards, we have already taken a number of steps to protect beneficiaries from identity theft.  We have removed the SSNs from the Medicare summary notices that are mailed to beneficiaries on a quarterly basis.  And we have prohibited private Medicare, health, and prescription drug plans from using SSNs on enrollees’ insurance cards. 

     We are engaged in education effort to provide beneficiaries with information on how to prevent medical identity theft and Medicare fraud, which includes educating them about steps to prevent identity theft and fraud, including posting information on the CMS website, and adding information to the Medicare handbook.  We encourage our beneficiaries to review their billing statements and other medical reports to spot unusual or questionable charges.

     So, in closing, I appreciate the concerns expressed by Congress and beneficiaries regarding the continued use of SSNs on Medicare cards.  And I can assure you that CMS will work to protect beneficiaries from fraud, abuse, and identity theft, wherever possible.  The Administration is happy to work with Congress to develop an approach to remove SSNs from the Medicare card.  We pledge to continue our efforts to safeguard beneficiary identification numbers, maintain dialogue about options that Congress may wish to consider, ensure there is no disruption in beneficiary access to their Medicare services.

     Though the costs and challenges of the Medicare cards that CMS has identified are real, these challenges can be mitigated with thoughtful planning.  I appreciate the committee’s ongoing interest in this issue, and can assure you that CMS is committed to working with Congress to identify ways to best protect beneficiaries’ privacy.  Thank you.

     [The statement of Tony Trenkle follows:]

     *Chairman Johnson.  Welcome, Ms. King.  You are recognized.  Go ahead.


     *Ms. King.  Chairman Johnson, Chairman Herger, ranking members of the subcommittees, and other members of the subcommittees, we are pleased to be here today to discuss our review of the options presented in the 2011 Report to Congress by CMS for removing Social Security numbers from Medicare cards, and the agency’s cost estimates for these options.

     More than 48 million Medicare cards display an SSN as part of the health insurance claim number, or HICN.  The HICN plays an essential role in the administration of the Medicare program, and is used by CMS to interact with beneficiaries and providers, and by other agencies that play a role in determining an individual’s eligibility for Medicare.  For most people, the Social Security Administration is responsible for determining Medicare eligibility and assigning the HICN.

     In response to a congressional request from some members of these subcommittees, CMS presented three options for removing the SSNs from Medicare cards.  All three options would generally require similar efforts, including coordinating with stakeholders, converting information technology systems, conducting provider and beneficiary outreach, training of business partners, and issuing new cards.

     Of the three options in CMS’s report, we found that replacing the SSN with a new identifier for use by both beneficiaries and providers offers beneficiaries the greatest protection against identity theft, because the SSN would no longer be printed on the card.  In addition, because providers would not need the SSN to interact with CMS, they would not be required to collect or maintain this information, reducing beneficiaries’ vulnerability in the event of a provider data breach.  This option may also prevent fewer burdens for providers, because they would not have to query a CMS database or call CMS to obtain beneficiaries’ information.

     CMS estimated that implementation would cost between $803 million and $845 million over 4 years, depending on the option selected.  Approximately two-thirds of the total estimated cost are associated with modifications to state Medicaid IT systems and CMS’s and its contractors’ IT systems.  We have four key concerns regarding the methods and assumptions CMS used to develop its cost estimates that raise questions about their reliability.

     First, CMS did not use any standard cost estimating guidance in developing their estimates.  Second, the procedures used to develop the estimates for the two largest cost categories, the Medicaid IT systems and the CMS IT systems, are questionable and not well documented.  Third, we identified some inconsistencies in the assumptions used by CMS and SSA in developing the estimates.  Finally, CMS did not take into account other factors, such as possible efficiencies that could be realized by combining IT modifications required to remove SSNs with related IT modernization efforts, or consider potential savings from not having to monitor compromised SSNs.

     While CMS has identified options for removing the SSN from Medicare cards, the agency has not committed to a plan for this removal.  Lack of progress on this key initiative leaves Medicare beneficiaries exposed to the possibility of identity theft. 

     In a report we are releasing today, we have recommended that CMS select an approach for removing the SSN from the Medicare card that best protects beneficiaries from identity theft and minimizes burdens for providers, beneficiaries, and CMS.

     We have also recommended that CMS develop an accurate, well-documented cost estimate using standard cost estimating procedures.

     Mr. Chairman, this concludes my prepared remarks.  Happy to answer any questions.

     [The statement of Kathleen King follows:]

     *Chairman Johnson.  Thank you, ma’am.  I thank you both for your testimony.  We will now turn to questions.

     And as is customary for each round of questions, I will limit my time and will ask my colleagues to limit their questioning time to five minutes, as well.

     Mr. Trenkle, do you speak for CMS?

     *Mr. Trenkle.  Do I speak for CMS?

     *Chairman Johnson.  Yes.  Can you make a statement on their behalf?

     *Mr. Trenkle.  I can certainly make statements on their behalf to some extent.  Obviously, I am a career employee of CMS; I am not a political employee.  So I can only speak at a certain level.

     *Chairman Johnson.  Well, that shouldn’t matter.  On behalf of the one million Medicare beneficiaries, I am a little bit upset.  First, CMS responded to a bipartisan letter from leadership of this committee over 12 months after the deadline.  And I think it is unfair.  But how dare CMS treat this committee, this Congress, and our nation’s seniors with such contempt?

     Second, despite the fact that this committee’s bipartisan letter asks for detailed estimates and justifications for all costs, we now learn from GAO that your cost estimates aren’t credible.

     Finally, despite a decade of instruction from the Congress to take Social Security numbers off Medicare cards, CMS has not committed to a plan for such removal.  And you are probably aware that the health organizations around the country took them off, and that the military has been taking them off.

     *Mr. Trenkle.  Right.

     *Chairman Johnson.  And if they can do it, and you were asked to do it some many years ago, I don’t understand what is taking so long.

     In your testimony you say CMS takes seriously the risk of identity theft for Medicare beneficiaries, and that it appreciates the concerns expressed by Congress, and beneficiaries, regarding the continued use of serial numbers on Medicare cards.  Do you believe this?

     *Mr. Trenkle.  Yes, I do.  I can certainly understand your frustration and other frustrations of the committee and subcommittees regarding where we have gone over the last seven years with the two cost estimates and the other work that is being done by federal agencies.

     *Chairman Johnson.  Well, it is all of us, both the Democrats and Republicans working together on this committee that have become upset about empty words.  And it is outrageous that you are kind of thumbing your nose at Congress and seniors. 

     I can only conclude that CMS is busy doing other things besides protecting the privacy of seniors and the integrity of Medicare.  So, it seems it is going to take an Act of Congress — another one; we already made one — to make CMS remove the Social Security numbers.

     Mr. Trenkle, is it true that CMS requires that cards issued by part C, Medicare Advantage, and part D, prescription drug benefits, do not display a Social Security number?

     *Mr. Trenkle.  Yes, that is correct.

     *Chairman Johnson.  Aren’t you being hypocritical, asking your service providers to do what you won’t do?

     *Mr. Trenkle.  I don’t believe it is hypocritical.  I think, as part of the changes in the OMB directive, we made a number of changes over the last several years.  That was one that we — as we implemented the part C and D plans, that we made that change.  And, as you say, that was done by the private insurers.

     However, to do something on the scale of what we are talking about for CMS and Medicare, we are talking about a much larger effort that is much more intertwined with other federal agencies.  I mean the Medicare Advantage is probably about 25 percent of the overall Medicare.  So if we are talking, say, 50 to 52 million Americans, that is 13 million, as opposed to 39 million, plus the connections with SSA —

     *Chairman Johnson.  Well, let me just interrupt you and say GAO talks about the Department of Defense and Veterans Affairs efforts to remove the Social Security numbers from their ID cards.  Have you even talked to them to find out how they did it?

     *Mr. Trenkle.  We have talked to them, and we have also talked to the private insurers, as well.

     It is good to keep in mind — and I am not — let me just first state up front I am not making excuses.  I certainly want to work with Congress, and we want to work with you all to look at the various priorities that Congress has asked us to do, and see how we can work this in with the other priorities for the Medicare program.  So I don’t want to make excuses.

     But I do want to say that there are differences between the DoD and VA.  One is the scale; our scale is much larger.  The second is that VA is a closed system.  DoD is a partly closed health care system.  So — and they are certainly not as entwined with Social Security.

     If you remember, Social Security really works as our arm of operations for this program.  So it is not to trivialize the work that they have done, but just to say that it is going to be a massive undertaking if we go down this road.

     *Chairman Johnson.  Well, they did it because they were able to and willing to make the change as they print new cards.  You print new cards in millions.  And I don’t understand why we can’t get something going.  It has been too many years behind. 

     And I will stop there and question some more later.  And I yield to my compadre, Mr. Becerra.

     *Mr. Becerra.  Mr. Chairman, thank you.  And thank you to the three of you for your testimony.  And I hope that this is just the beginning of a process to get us to the point where we are able to remove that Social Security number from the Medicare cards.

     Mr. Trenkle, let me ask a couple of questions.  In terms of the implementation of the different services that CMS and Medicare provide to the millions of Americans who are beneficiaries of Medicare services, having paid into the system to earn those benefits, Medicare doesn’t have any local offices to administer the services that seniors and others who receive Medicare benefits need.  Right?  They don’t have their —

     *Mr. Trenkle.  That is correct.

     *Mr. Becerra.  When a senior applies for Medicare, that senior doesn’t go to a Medicare office, but he or she must go to a Social Security office.  Is that correct?

     *Mr. Trenkle.  That is correct.

     *Mr. Becerra.  That means that taking in an application for benefits, or responding to inquiries regarding Medicare benefits is done — if it is done directly to an office, it is done to a Social Security office.

     *Mr. Trenkle.  That is correct.

     *Mr. Becerra.  Who issues Medicare cards?

     *Mr. Trenkle.  The cards are — the numbers are actually ‑‑ SSA actually does the enumeration, and we actually issue the Medicare cards.

     *Mr. Becerra.  So, Social Security is part of the process of issuing these cards to seniors, the Medicare cards?

     *Mr. Trenkle.  That is correct, except I also want to mention in the case of the Railroad Retirement Board, they actually do it for the Railroad Retirement Board retirees

and —

     *Mr. Becerra.  And if a senior needs to have a Medicare card replaced, they go to a Social Security office.

     *Mr. Trenkle.  That is correct.

     *Mr. Becerra.  Okay.  Who collects the premiums, the Medicare premiums, from seniors?

     *Mr. Trenkle.  It is part of the Social Security — it comes out of the Social Security check.

     *Mr. Becerra.  And if a senior wants to talk to someone in person, has a question about his or her Medicare benefits and wants to speak to someone in person, they are confused about their benefits, they don’t believe they got their correct service out of Medicare, they go to a Social Security office, do they not?

     *Mr. Trenkle.  That is correct.

     *Mr. Becerra.  So while I know you are here with CMS and not with the Social Security Administration, it is clear that the Social Security Administration will have a large role to play in whatever we do with removing the Social Security number from the Medicare card.

     *Mr. Trenkle.  Yes, that is correct.  And as I mentioned earlier in my testimony, I worked at both places, so I understand that the — impact this will have on the field offices at Social Security.

     *Mr. Becerra.  And while we are hoping to get a more accurate estimate of the cost of removing that number from the Medicare card, it is clear that it is going to cost some money.

     *Mr. Trenkle.  That is correct.

     *Mr. Becerra.  And there — we have got estimates.  Early estimate in 2005, 2006 was somewhere over $300 million.

     *Mr. Trenkle.  That is correct.

     *Mr. Becerra.  A 2011 estimate was somewhere over $800 million.  We are talking in the hundreds of millions of dollars, likely, to remove the card and secure the safety of that — excuse me, remove the Social Security number from the card and to secure the safety of that number for our Medicare beneficiaries.

     *Mr. Trenkle.  That is correct.  And also, there is going to be considerable outreach required, because of the fact that we will need to educate the beneficiaries and their families on the changes that are being made to that card, as well as the provider community.  The provider community, this will be a major change for them, as well.

     *Mr. Becerra.  So this is not something that the Social Security Administration or CMS, which helps administer Medicare, currently is being funded to do.

     *Mr. Trenkle.  That is correct.

     *Mr. Becerra.  And so, either you receive resources to try to compensate for the hundreds of millions of dollars it will cost to make this change to secure the Social Security number for seniors on their Medicare card, or you have to shift your resources from other current services in order to pay for the cost of this transition.

     *Mr. Trenkle.  Yes, that is correct.

     *Mr. Becerra.  What types of services might be affected if you have to take from existing resources and — existing services in order to cover the cost of transitioning to a Medicare card without a Social Security number?

     *Mr. Trenkle.  Well, I can’t really speak to that today, because part of it is — as you know, most of the work that we do is based on congressional legislation, and we follow out the wishes of Congress.  So if we are going to make some changes and it would impact priorities, we would need to work with you and others and determine which priorities would need to be shifted to enable us to fund that out of our existing resources.

     *Mr. Becerra.  Well, I hope you are able to give us some clear guidance on what might happen if we instruct CMS and Social Security and Medicare programs under HHS to move forward with this transition without providing you with the resources.  Because I can assume that it can only get worse for seniors who are right now trying to get their Social Security services.  They have already seen, as a result to the budget cuts to Social Security Administration’s budget, reduction in the number of hours that their offices are open.  There are longer wait times now when people call the 1-800 number to get Social Security services.  We understand that the Social Security Administration has had to reduce the size of its staff.

     And so, more and more, what we are talking about is short-changing Americans who work very hard to pay for their Social Security and Medicare services.  And I would hate to see that we instruct you to do something that is absolutely essential to provide protection against identity theft, but we do at the cost of providing good service to those who worked so hard to earn those services.

     So, I thank the three of you for your testimony.  I look forward to working with you in the future. 

     *Mr. Trenkle.  Thank you.

     *Mr. Becerra.  Thank you, Mr. Chairman.  Yield back.

     *Chairman Johnson.  Thank you.  Chairman Herger, you are recognized for five minutes.

     *Mr. Herger.  Thank you, Chairman Johnson.  And, Mr. Trenkle, I am pleased to hear that under questioning from Chairman Johnson you indicated that you are not here to make any excuses. 

     More than one decade ago, GAO first recommended removing Social Security numbers from government documents.  CMS failed to act.  More than five years ago the OMB issued a directive telling all federal agencies to develop a plan for reducing unnecessary use of Social Security numbers and explore alternatives.  Again, CMS failed to act.

     Now, I know CMS claims that Social Security numbers are important to carrying out program functions.  But I have to imagine it was also important to the DoD, the VA, and they are well on their way to removing Social Security numbers.  I also imagine it was important to private insurance companies before they removed Social Security numbers, replacing them with unique identifiers.  I am sure the same can be said for Medicare Advantage and prescription drug plans. 

     The Social Security Administration inspector general states, “Medicare cards unnecessarily place millions of individuals at risk for identity theft.  We do not believe a federal agency should place more value on convenience than the security of its beneficiaries’ personal information.”

     After more than 10 years, CMS has failed to lead and failed to act.  And, as a result, nearly 50 million Americans are at risk.  In fact, were it not for a directive from Congress, I wonder if CMS would have even considered removing Social Security numbers from the Medicare card.

     Mr. Trenkle, does this Administration believe Social Security numbers should be taken off of the Medicare identification cards to protect our seniors?

     *Mr. Trenkle.  Thank you, Chairman, for your remarks.  And as I said earlier to Chairman Johnson, I understand your frustration.  And I —

     *Mr. Herger.  And if you could give me a yes or no, does the Administration feel the numbers should be taken off?

     *Mr. Trenkle.  As I mentioned earlier, we do feel that the option one that GAO spoke of, which was replacing the number with a new identifier, would offer the greatest protection against identity theft.

     *Mr. Herger.  Then why hasn’t CMS acted?

     *Mr. Trenkle.  Well, as I mentioned a few moments ago, we have a number of congressional mandates around the Medicare program that we are trying to implement.  And this will be an extensive undertaking, regarding of how you look a the cost numbers.  It will be an extensive undertaking.  So we need to work with you and others in Congress to reprioritize, or look at the other priorities, to determine how this will be taken care of, if additional appropriations are not given to us for this.

     *Mr. Herger.  And, Mr. Trenkle, are you aware that the Department of Defense and Veterans Administration did not require new funding to remove Social Security numbers from their membership cards?  They use existing funding?

     *Mr. Trenkle.  I heard that this morning, and I am not really aware of how they did the change and how they made the necessary budget adjustments to do that.  So I would certainly be interested in talking to them more about how they managed to do that within their existing budgets.

     *Mr. Herger.  Now, I know that Medicare has far more beneficiaries, but I also know that CMS administrative budget is quite large.  Why is it that CMS can’t follow in the footsteps of DoD and VA, and use existing money to implement this long overdue and needed change?

     *Mr. Trenkle.  Well, as I said earlier, it is not exactly comparing apples to apples, because they do have a different type of setup, in terms of the — how its — how the operations are done, that they operate mostly within closed systems, and that they have different types of arrangements, in terms of funding, than we do.  So I can’t say they can do it this way and we can do it that way.

     But at the same point, I understand what you are saying.  It is a large budget, and we do an awful lot of work with that budget, as you know, because a lot of legislation comes out of Congress each year that impacts us. 

     So, as I have said earlier, we will commit to looking at that in our new and more rigorous cost estimate, and see where there — if we cannot get additional appropriations, how we can work with Congress to reprioritize some of the mandates that you have asked us to achieve.

     *Mr. Herger.  And I might just close with how can you expect Congress to provide additional funding when your agency, according to GAO, is unable to produce a credible estimate?

     And I yield back.

     *Chairman Johnson.  Thank you.  Mr. Stark, you are recognized.

     *Mr. Stark.  Thank you, Mr. Chairman.  I want to thank the panel for their enlightenment this morning.

     The — Mr. Trenkle, I guess GAO has had two recommendations.  And what — which one would — approach would you prefer for removing the Social Security numbers?

     *Mr. Trenkle.  I guess I mentioned that just a moment ago, that we think that the one that would provide the best ‑‑ we would like to re-estimate all three options, but the one that we feel that would provide the best protection against identity theft would be replacing the number with a new number, which is our option one.

     *Mr. Stark.  Could you state today a timeline, an estimate within a couple of months, one way or the other, as to what it would take to complete this — the contractor, and have it completed?

     *Mr. Trenkle.  To re-do the estimates?  I think we could do that within the next six months.  Certainly without — let me —

     *Mr. Stark.  Yes.

     *Mr. Trenkle.  The only caveat would be the Medicaid costs, which may require more research to make sure that we have them correct.  But I think we can leverage the work we have already done, do the more rigorous cost estimating work with our colleagues from GAO, and bring another contractor.  I feel that we can do that within the next six months.

     *Mr. Stark.  Great.  Thank you very much.

     *Mr. Trenkle.  Thank you.

     *Mr. Stark.  Thank you, Mr. Chairman.

     *Chairman Johnson.  Thank you, Mr. Stark.  Mr. Reichert, you are recognized.

     *Mr. Reichert.  Thank you, Mr. Chairman.  Mr. Trenkle, have you been a victim of identity theft?

     *Mr. Trenkle.  I have not, personally, although I know others who have.

     *Mr. Reichert.  So you have visited with people who have been victims of identity theft?

     *Mr. Trenkle.  I know people who have been victims of identity theft, and it is not a trivial matter that it happens, yes.

     *Mr. Reichert.  Have you had an opportunity to visit with some of the constituents that you serve through your job, current job, regarding identity theft and the impacts on American citizens?

     *Mr. Trenkle.  The ones who have had identity — have had — have been victims of identity theft?

     *Mr. Reichert.  Yes.  Have you had the opportunity to visit with any of the beneficiaries who have been victims?

     *Mr. Trenkle.  Not personally, no.

     *Mr. Reichert.  So when you say you understand the concerns, what are you — I don’t know what you really understand about identity theft.

     I was a police officer for 33 years, and I dealt with people who lost their identity.  And it was one of those events that can be traumatic enough to turn your life upside down.  Lose your home, lose your car, lose your — everything you own.

     So, do you believe that it — 10 years has been mentioned.  Personally, do you believe that is — you should have had this solved by then, by now, 10 years later?  Or — I mean do you think that is too long, or do you think you are just about in the ballpark where you need to be, or —

     *Mr. Trenkle.  Well, let me —

     *Mr. Reichert.  I just was wondering personally how you felt about — I mean you are a part of the system.  Ten years to solve this problem.  I am just wondering how you personally feel about having worked on this — you feel some frustration?

     *Mr. Trenkle.  I understand your frustration.

     *Mr. Reichert.  No, I am asking you if you feel frustration.

     *Mr. Trenkle.  Right.  Yes.  Yes.

     *Mr. Reichert.  What is the sort of the — what happens to you or other members of CMS if they don’t accomplish this task?  What is the hammer?  What is the outcome for you?  I mean you get to work every day.  You get your job, right?

     *Mr. Trenkle.  Right.

     *Mr. Reichert.  What is the outcome for Americans if you don’t get it done?  They become victims of identity theft and they lose their homes.

     *Mr. Trenkle.  Well, I think —

     *Mr. Reichert.  What is your motivation to get this accomplished?

     *Mr. Trenkle.  The motivation to get it accomplished is that I feel that it is one of the potential ways that there can be identity theft.  There is much more ways of that happening than through the Medicare card.  And we are here to serve the Americans every day, not only because I have family members, but because I —

     *Mr. Reichert.  If I could — Mr. Trenkle, 10 years.

     *Mr. Trenkle.  Yes.

     *Mr. Reichert.  The American people don’t understand why it takes 10 years to accomplish this.  And what I hear from you — and I — you know, your statement about congressional mandates, and we need to reprioritize congressional mandates, can you be specific about what those mandates — what kind of mandates are you talking about?

     *Mr. Trenkle.  Well, there is many changes to the Medicare —

     *Mr. Reichert.  For example?

     *Mr. Trenkle.  For example?  There is changes in payment schedules that occur each year.  There is changes in —

     *Mr. Reichert.  Those are congressional mandates, or that is just part of your daily routine?

     *Mr. Trenkle.  Often changes in — yes.

     *Mr. Reichert.  Are the congressional mandates that you are speaking about, are they associated with the new health care law that we are in the middle of implementing?

     *Mr. Trenkle.  That is certainly one of the congressional mandates, yes.

     *Mr. Reichert.  So how could we alter the current health care law to help you keep Americans from suffering the victimization that identity theft brings?  How can we change this implementation process to help you get that done?

     *Mr. Trenkle.  Well, as I said earlier, I am happy to work —

     *Mr. Reichert.  Just one idea?

     *Mr. Trenkle.  I am not really — I really don’t —

     *Mr. Reichert.  Mr. Chairman, I yield back.

     *Chairman Johnson.  Thank you.  You know, how many millions of cards do you produce a year?

     *Mr. Reichert.  We produce millions of cards a year.  I could get you the number.

     *Chairman Johnson.  It is close to three million, I think.

     *Mr. Reichert.  Yes, it — well, it is actually higher than that now.  And about 10 percent of them are actually — have to be replaced each year, either because they are lost, or because there is other reasons why.  Someone changes their name, or —

     *Chairman Johnson.  Yes.  Well, you see, the Defense Department solved this issue by putting a new number on the new cards they issue.  Why in the world can’t you guys do that?

     *Mr. Trenkle.  It can be done.  That is one option.

     *Chairman Johnson.  Well, why haven’t you done it?

     [No response.]

     *Chairman Johnson.  I mean I don’t think you guys are into this issue like you should be, to protect the United States citizen.  Wow.

     Mr. McDermott, you are recognized.  What, did he leave?  Oh, wake up down there.


     *Mr. McDermott.  I didn’t think you would jump past all those worthies down there.

     *Chairman Johnson.  Thank you.

     *Mr. McDermott.  Do you know that there is an election some — are you aware of that?

     *Mr. Trenkle.  I have heard something about that.

     *Mr. McDermott.  And occasionally there are hearings that sort of strike one to be a little bit political.  I — we have nine legislative days left, so I don’t know if we are going to get down to this.  But I was trying to figure out practically, following up on those last questions, there are 50 million people participating in Medicare.  Now, it shouldn’t take you much more than a week to print 50 million cards and put them in envelopes and send them on out to these people.  Should it?

     *Mr. Trenkle.  Well, it would probably take a little bit longer than that.

     *Mr. McDermott.  Well, let’s say a month.  Let’s say a month.  I mean that is — we do political campaigns and we send out millions of pieces of information to folks.  And you could just put it in an envelope and send it on out.  So you could send out 50 million in a month.  Or maybe two months.  Let’s do it that.

     Now, what kind of chaos do you think that would create in the system for the providers?  Because I am looking at it ‑‑ I hear Mr. Reichert talk about he is a police officer.  I am a doctor.  So now I got all these seniors coming in.  What kind of chaos are you going to create for the providers by putting out 50 million new cards and new numbers to put on all the forms?

     *Mr. Trenkle.  It would create quite a substantial change for the providers.  There is no doubt about that.

     *Mr. McDermott.  So you think that the chairman is thinking about the providers when they are talking about changing this number?  Do they just think this is something ‑‑ they are only thinking about the seniors’ votes, but not the providers’ votes when this chaos is created?

     *Mr. Trenkle.  I can’t speak for the chairman.  I don’t know.  I do know that will be an impact on — that certainly will be a major impact on the providers.

     *Mr. McDermott.  How does that number get — I mean how does the doctor get the number that he is supposed to put on the form?

     *Mr. Trenkle.  Gets it from the card.

     *Mr. McDermott.  And so, if these 50 million members now have a new card, and they have got to bring it into their doctor and say, “Doctor, here is my new number, don’t put that old number, you won’t get paid,” right, how many — what would you just guess is the percentage that would not get that number in, or wouldn’t have the card in their pocket when they got sick or got hit by a car, or whatever?

     *Mr. Trenkle.  Oh, I can’t even estimate that.

     *Mr. McDermott.  But it would — you would suspect there would be a sizeable number of people.

     *Mr. Trenkle.  It would certainly have the potential to impact a great number of people, yes.

     *Mr. McDermott.  You know, I refinanced my house the other day.  And the lady on the phone said, “Give me the last four digits of your Social Security number.”  Now, are the banks allowed to use that as an ID number?

     *Mr. Trenkle.  Yes, they do that quite often with the last —

     *Mr. McDermott.  The banks can do it.

     *Mr. Trenkle.  Yes.

     *Mr. McDermott.  Well, why don’t you give me a special number so I can have my American number, so I can give that to them and get rid of that Social Security number so nobody can find out what I am doing?

     I mean you are going to keep a record of these numbers, right?

     *Mr. Trenkle.  Correct.

     *Mr. McDermott.  And so I — instead of having 358‑28‑7705, I am going to have 779-16-4382.  Right?

     *Mr. Trenkle.  That is correct.

     *Mr. McDermott.  Somewhere, that list will be with that ‑‑ right?

     *Mr. Trenkle.  Yes.

     *Mr. McDermott.  How do these people lose their identity?  How does somebody get my number and pull it out and start fiddling with my financial stuff at the bank?

     *Mr. Trenkle.  I don’t feel qualified to speak to all the ways that identity can be compromised.  There are certainly a number of ways it can be compromised.

     *Mr. McDermott.  Does your fraud division use — does the CMS fraud division use that Medicare number?

     *Mr. Trenkle.  Yes, they do.

     *Mr. McDermott.  So we got to make sure we get this to them so they can trace these fraudulent operators who are operating these places down in Florida and Texas, where they are just rolling in dough with people who aren’t receiving benefits.  You need a number for those kind of fraud investigations.

     *Mr. Trenkle.  That is correct.

     *Mr. McDermott.  So this number, this new number, I am going to be carrying a card in my pocket with it on it.  Right?

     *Mr. Trenkle.  Correct.

     *Mr. McDermott.  Presumably.

     *Mr. Trenkle.  Presumably, yes.

     *Mr. McDermott.  I mean I have my — I was looking here at my Medicare — or my cards here from my insurance from the legislature, from the Congress.  And I have got a number on there.  It is not my — it is not that old Social Security number, but it is a number.  So somebody can get a number for me and plug in some way — I understand there is people who hack into computers.  Is that right?

     *Mr. Trenkle.  I have heard of a few who have, yes.

     *Mr. McDermott.  Have any of them gone to jail?

     *Mr. Trenkle.  I presume so, yes.

     *Mr. McDermott.  Have some of them taken money out of Medicare?

     *Mr. Trenkle.  Yes.

     *Mr. McDermott.  So they hacked into a computer where there was a list of numbers, right?

     *Mr. Trenkle.  I really can’t — I don’t feel like I can really get into a whole lot of detail on that subject.  But I mean there is certainly possibilities for hackers to get into systems of any organization.  I mean —

     *Mr. McDermott.  Do you think it is possible in this electronic world we have today to give people 100 percent certainty that they are not going to lose their identity through this method?

     *Mr. Trenkle.  No, I don’t believe so.

     *Mr. McDermott.  I yield back the balance of my time.

     *Chairman Johnson.  Thank you.  The gentleman’s time has expired.

     *Mr. Stark.  Mr. Chairman?

     *Chairman Johnson.  Yes?

     *Mr. Stark.  Yield for a second to ask the gentleman from Washington?

     If you — when Bubbles sends you that email and asks if you want a good time and just send her your Social Security number, if you don’t do that, then she won’t have your Social Security number.  Okay?


     *Chairman Johnson.  I am not sure I understood that.  But Mr. Berg, you are recognized.

     *Mr. Berg.  Well, thank you, Mr. Chairman.  You know, one of the things that we do is we learn from other agencies and how they have gone through this.  You know, as we sit here and listen to the frustration, I, you know, go back to 2002, I think, when GAO first came out and made this recommendation. 

     Really, Mr. Bertoni, if we could kind of get to, you know, what steps DoD took and the VA to remove Social Security numbers from the membership cards, and tell us, you know, what those agencies do well.  Is there anything that Medicare can learn from this and implement, as we are here today?

     *Mr. Bertoni.  I think, first and foremost, they recognized it as a priority.  And whether it be in response to directives from the outside, or just the basic cultural shift in this country, that we need to remove SSNs from massive use and display and then move forward in trying to use appropriate technology in house — I mean within their budget — to redact and remove these SSNs. 

     So, the first step was to get them off the cards.  So I would say that was a great effort.  Now these SSNs and other information are embedded in the mag strips and the bar codes behind — within the card.  The agencies, both DoD and VA, are realizing that that is first generation technology, and they are already looking forward to what they need to do to further protect that card, which is to remove the SSN information and replace it with a non-SSN-based identifier.  So, clearly, CMS is — if they move forward, we prefer it to head in that direction.  So that is a lesson learned.  You want to get the card — the number off the front, and off any bar code or mag strip or anything in the card.

     Certainly DoD piggy-backed off of existing IT adjustments.  They were able to leverage resources to make the changes in accordance with other adjustments.  So I think that would be — CMS might want to talk to them about.

     And lastly, I think this cost is high in some respects because it is a rapid-phase-in.  It is a one-year period.  They are going to run dual systems for one year.  But after that it is going to go to a single system, and they are going to have all these people issued new cards.  There may be some opportunities to leverage resources to look at, if they ran dual systems for the second year or third year, would that counteract any additional costs that they are claiming would be encountered if they ran dual systems for more than a year.  I don’t know if that analysis has been done.  I think they could reach out to DoD and VA to see how that worked and what the cost savings were.

     *Mr. Berg.  Well, thank you.  And that is really my only question we have part of the same family here.  Let’s use the best practices and implement them. 

     I will yield back, Mr. Chairman.

     *Chairman Johnson.  Thank you.  Appreciate that.  Mr. Doggett, you are recognized.

     *Mr. Doggett.  Mr. Chairman, thank you.  And I want to express my full agreement with the comments that you have made here this morning, and that you have made here in the past concerning this very serious matter of identity theft, and the failure of CMS to live up to its responsibilities to address it.

     This is not a matter of frustration.  It is a matter of the proper oversight of this committee over the actions of CMS.  We have had bipartisan agreement about the severity of this problem and the need to address it.  And we have also had bipartisan inaction at CMS.  This began during the administration of President Bush.  It has continued under the administration of President Obama.  Under neither administration has CMS been responsive on this matter.

     When we together, Mr. Chairman, introduced the legislation that Congress passed way back in 2008, it was not a smooth process.  CMS resisted in every way our approval of that legislation.  And to address the concerns that CMS voiced then about the legislation, we amended it to provide that they did not have to achieve all aspects of this until necessary appropriations were made available.  They came in with what I considered at that time — and this was under the Bush Administration — an estimate that was very high, as we were about to get the legislation passed, as a way to discourage approval of the legislation. 

     The problem is that CMS never agreed that this was a priority, or that it needed any attention.  They didn’t agree with what I think was the very proper recommendation of the Office of Management and Budget under the Bush Administration.  The CMS part of the bureaucracy didn’t think it was something that needed to be done.  We finally got it passed after it was delayed here in the House until very near the end of the session.  And the continued resistance of CMS managed to get this bill stopped in the Senate.

     Since that time — the reason we have a GAO report today in the first place is that we gave up on trying to get a straight answer from CMS as to the basis for their cost estimate.  And it — finally, in desperation, we turned to the Government Accountability Office to try to get a straight answer.  And now, years later, all we find out really is it will cost some money, and we don’t have a straight answer.

     And if I understand your testimony this morning, Mr. Trenkle, you are saying that in another six months you are going to contract out with someone else to do the estimate that my office started trying to get from you back in about 2007 or 2008?  Is that what this contract is about?

     *Mr. Trenkle.  We will use a contractor to help support the effort.

     *Mr. Doggett.  Well, I guess I can’t argue, after all this time, that maybe we are going to get a straighter and more complete answer from a contractor than we have gotten from CMS. 

     But the notion that this morning CMS thinks that, well, maybe after all these years it is time to talk to DoD or VA about how they accomplished it without spending $800 million, and get an accurate estimate, I find truly amazing that it would — that at this late date, years later, we would have no plan, no ability to estimate internally what the cost will be that is credible, and now we are going to spend money to have some outside source tell us what we should have been told at the time that Chairman Johnson and I introduced this legislation back in 2007 or 2008.

     I believe, Mr. Chairman, that until we go ahead and pass legislation on this, we are not going to get the action that is necessary.  I don’t agree with Chairman Herger, that this has anything to do with the Affordable Health Care Act, because it has been going on so long, and the unresponsiveness has been so consistent between administrations, that I think it takes some congressional action.  I don’t believe that this can be done for free.  There are some appropriations that will be necessary.  But those appropriations have to go hand in hand with a new attitude that is more responsive about the severity of this problem than we have had over the course of the last decade.

     And I yield back. 

     Well, if I might, Mr. Chairman, if I still have a moment, let me just ask the folks, Ms. King and Mr. Bertoni, do you — were you able to get any indication, even if they did it within their existing appropriations, of what this costs to do at either the VA or the Department of Defense?

     *Ms. King.  We did ask them that.  But we are not totally confident of the answer, because it is not a process that we looked behind to verify.

     *Mr. Doggett.  There were some costs associated with it.

     *Ms. King.  Yes.

     *Mr. Doggett.  But they accommodated this on a gradual basis, and as they were making some other technology changes.

     *Ms. King.  Yes.

     *Mr. Doggett.  I guess it is hard to break it down.

     *Ms. King.  Yes.

     *Mr. Doggett.  Thank you very much.

     *Chairman Johnson.  Well, that is true.  But they also replace those cards periodically, too.  But so does CMS.

     Looks like Mr. Berg is gone, so how about — yes, Mr. Gerlach, you are recognized.

     *Mr. Gerlach.  Thank you.

     *Chairman Johnson.  Yes, sir.

     *Mr. Gerlach.  Mr. Trenkle, I am really stunned, too, by the lack of responsiveness by CMS on this issue over the years, to follow up on Mr. Doggett’s commentary.

     Can you give us a concise and specific explanation for that lack of responsiveness beyond your testimony that just says, “given the budgetary and logistical challenges of removing Social Security numbers.”  Can you give us more specificity and conciseness as to why there is this internal, departmental lack of responsiveness to the need to do this?

     *Mr. Trenkle.  I don’t think there is a lack of responsiveness to do this.  I personally have only been involved in this for the past year. 

     But I think there is other — as I said before, there is other priorities that we are dealing with in the Medicare area.  And that has been where we have been looking at over the past two cost estimates.  People have looked at the costs and have looked at other priorities, and have said that this will take a significant number of resources, time, and effort to do.

     *Mr. Gerlach.  How much money do you think would be saved in savings from improper payments that occur within the system, which is — the GAO has estimated in this most recent report $48 billion a year of improper payments in Medicare each year — how much of that $48 billion can be saved if there is more security around the beneficiaries’ cards, their identification, their identity?  How much can be saved if this were fully implemented?

     *Mr. Trenkle.  I am not prepared to answer that question.

     *Mr. Gerlach.  Why not?

     *Mr. Trenkle.  Because the —

     *Mr. Gerlach.  Why haven’t you estimated that?  Congress has told you repeatedly, year after year, that this has to be done.  And there is tremendous savings that would result from it.  Why haven’t you figured out what that number is?

     *Mr. Trenkle.  As I —

     *Mr. Gerlach.  Do you care?  Do you really care about saving the identity and the taxpayer’s funds that go into this program?  Do you really care?

     *Mr. Trenkle.  Yes, I care, and —

     *Mr. Gerlach.  Then how do you demonstrate it?  You are the Office of Information Services.  In your request to your superiors for this year’s budget, you make a request from your office to your superiors that ultimately winds up through OMB, that then becomes part of the President’s request to Congress.  Have you asked for a specific line item in your budget that you can use to go out and implement this program?

     *Mr. Trenkle.  Well, the budget includes more than IT.  It includes other costs.

     *Mr. Gerlach.  Have you requested from your office to your superiors, “Give me X number of dollars this year, so I can implement this program immediately”?

     *Mr. Trenkle.  No, I have not.

     *Mr. Gerlach.  Why?

     *Mr. Trenkle.  As I —

     *Mr. Gerlach.  You know Congress wants to get this done.  Why haven’t you done that?

     [No response.]

     *Mr. Gerlach.  You don’t care, obviously.  Until you put in writing what you want to do, “This is my priority, I am in charge of this office of information services, Congress needs to get this — wants us to get this done, we need to get it done, here is my request for that amount of money, let’s get it done,” you obviously don’t care.

     So, the next question is when are you going to start caring?  Will this hearing help you start caring?  That is a yes or no answer.  Will this hearing help you start caring?

     *Mr. Trenkle.  Well, as I say, we are going to go back and do the re-estimate and work with Congress to reprioritize if there needs to be — this needs to be done, and if we don’t get additional appropriations.

     *Mr. Gerlach.  You don’t need additional appropriations, necessarily.  You haven’t even identified how much money you really need to start the process.  And, therefore, how do you know if you have it or not within your budget?

     And if you do think you need extra money, where is the request of this — to this Congress for that money?

     [No response.]

     *Mr. Gerlach.  Well, obviously, I am frustrated.  I apologize for how I have questioned you today.  I usually don’t question witnesses in this manner.  But hopefully you can understand how frustrated many of us are.  And if you don’t have the resources needed to get this done as soon as possible, I hope you will talk to your superiors at CMS to create a special line item request in your next budget proposal to make this happen.  Do I have your assurance you will do that?

     *Mr. Trenkle.  As we do the new estimate, that is certainly something that I can talk to our leadership at CMS about. 

     And I do understand your frustration and others.  I know this has been a process that has occurred over many years.  And hopefully, at this point, with the new estimate, we can move forward to work with you and others to prioritize this along with other priorities.

     *Mr. Gerlach.  All right.  Thank you, Mr. Chairman.

     *Chairman Johnson.  Thank you.  It might not cost anything, if you take a good look at it.

     Mr. Pascrell, you are recognized.

     *Mr. Pascrell.  Mr. Trenkle, you would have to agree that it gets frightening and weird and scary when both sides agree in this Congress.


     *Mr. Pascrell.  Holy mackerel.  I looked up both the CMS budget over the last four years, five years, and Social Security Administration budget.  And not only have we flatlined it, but there have been hiring freezes — there has been in many agencies.  Social Security, I think, closed 300 small field offices.  When you look at both of these agencies, which will be intricately involved when this ever happens, we need to take a look at their budgets.

     I think the question is quite appropriate.  Did the agency ask for more money?

     The Social Security number, though, Mr. Chairman, is not confined to the issue of Medicare, whether it is on our Medicare cards.  Social Security number is a problem across the board for most Americans.  Let’s address is.  We don’t want to address it.  We only want to address it in the areas that are appropriately political.  But the average American goes through a tremendous amount of nonsense, whether it is through their credit card, whether they are going for credit in a store, about giving up their Social Security number.  And I think we need to take a look at that.  Because no one on this side of the dais up here at the dais would admit or agree, rather, that this is confined to simply those people primarily over 65 years of age.

     We have a very serious Social Security number problem, and we are not addressing it, Mr. Chairman.  And we don’t address it at our own peril.  Wouldn’t you agree?  And we need to do something about that.  Because the American people are very frustrated, the average American, if you ask them about this.  You know, “What’s your Social Security number?”  Whatever we do nowadays.  They will be asking for our Social Security numbers when we walk into theaters soon.  Don’t — you know, don’t be surprised.  Because go back 25 years and see how much more intrusive that has become in America.

     I am very concerned about that, very concerned.  I think it is just as big a problem as cyber security is on a national security level.  And if we don’t address it, it only brings the average citizen to have less faith in their government.  And having someone over your shoulder.

     And, by the way, most of these numbers are not used in the final analysis to take money from people fraudulently.  It is used by commercial interests.  They sell these numbers.  Isn’t that interesting?  Why aren’t we up here talking about that?  Well, it is not our issue here.  But the point of the matter is I think that is a bigger concern to us on a day‑to‑day basis.  You would be shocked to know where your Social Security winds up — your number winds up, rather.

     So, on an issue that we may debate as to whether we should privatize it or demonize it or eradicate it all together, that number becomes very valuable to commercial interests.  Wouldn’t you say, Mr. Trenkle?

     *Mr. Trenkle.  Yes, I would agree.  It is certainly used in a number of areas.  I know with my aunt, as I mentioned, closing out her estate, until we had the Social Security number none of the banks would even work with us to work on closing out the estate.

     *Mr. Pascrell.  What — how long do you think these changes are going to take, the ones that have been recognized today, eight years ago, five years ago?  How long is it going to take?  Mr. Bertoni or Mr. Trenkle, how long will it take to implement these specific changes?  Whether you are going the first method, the second method, or the third option?

     *Mr. Trenkle.  Well, we estimated in the latest cost estimate that it would take four years:  three years for planning, and then a year to issue the new numbers to each of our beneficiaries.

     *Mr. Pascrell.  Well, you are talking about issuing new cards as well, correct?

     *Mr. Trenkle.  That is correct.  It would require new cards, as well.

     *Mr. Pascrell.  And would the cards necessarily have new numbers on them?

     *Mr. Trenkle.  If we moved to a new identifier, yes, they would have the new identifier.

     *Mr. Pascrell.  Might those numbers be hidden from the general public or anyone else, rather than simply pronounced on the card?

     *Mr. Trenkle.  That is one option.

     *Mr. Pascrell.  I don’t see that option here.

     *Mr. Trenkle.  That is correct.

     *Mr. Pascrell.  So the issue about — and I will end on this point, Mr. Chairman — the issue about, you know, where are we really in this cost estimate and trying to get something done at the request of the Congress of the United States is a very serious question.  The folks on both sides of this aisle have asked that question.  And I don’t think you come up with a pretty solid answer.

     And I don’t mean this as a criticism so much as you appreciate the frustration, but we are talking about pretty serious stuff here.  And I would think that your association need not get back to us two years from now, but it needs to get back to us, your agency, pretty quickly.

     *Mr. Trenkle.  I certainly take it seriously.  As you know, the 2006 estimate was done under the previous administration.

     *Mr. Pascrell.  Right.

     *Mr. Trenkle.  The 2011 one was done under this administration.

     *Mr. Pascrell.  Right.

     *Mr. Trenkle.  And I understand there is bipartisan support for doing that.  And as I have said, I have committed today to going back and re-doing the estimate, getting it to you within the six months, with the possible caveat about Medicaid, and working with the committee and others to reprioritize if we don’t get additional appropriations to work with you towards a solution on this.

     *Mr. Pascrell.  Mr. Chairman?

     *Chairman Johnson.  Thank you.

     *Mr. Pascrell.  Would it be too much to ask before we leave our general meetings this year, that we get a report in September —

     *Chairman Johnson.  Well, I was going to suggest why does it take six months for an estimate, let’s try one month.  Can you?

     *Mr. Trenkle.  Well, here is — I — we can certainly give you an estimate within a month.  But as several of you members have said, and as the GAO said, they had concerns about how we did the analysis.  So, in order to do an analysis correctly, I think we need to go back and look at how it was done, apply more of the rigor that GAO has suggested, and come forward to you.

     There may be parts of this analysis we can get to you sooner than six months.  But what I am just saying is I want to go back and do this in a way that satisfies our colleagues from GAO and satisfies all of you that we have done the rigor that you feel is necessary.

     *Chairman Johnson.  Okay, thank you.  The gentleman’s time has expired.  Mr. Smith, you are recognized.

     *Mr. Smith.  Thank you, Mr. Chairman.  Mr. Trenkle, if we could perhaps reflect a little bit on the fact, I believe, that the Railroad Retirement Board uses non-Social Security beneficiary numbers for some of its members.  Is that accurate?

     *Mr. Trenkle.  Yes, that is correct.

     *Mr. Smith.  And can you reflect a bit on how that can be, and yet it seems to be such a heavy lift for the rest of CMS to use similar software and other means to accomplish moving beyond the Social Security number identity?

     *Mr. Trenkle.  I can’t speak for the Railroad Retirement Board.  I know, in terms of scalability, the Railroad Retirement Board retirees are a small fraction of the number of Medicare beneficiaries.  I believe they are in the hundreds of thousands, as opposed to 50 million.

     *Mr. Smith.  Okay.  So if the GAO folks would reflect on that, perhaps, do you have any input?

     *Ms. King.  Yes.  I think there are about 550,000 Railroad Retirement beneficiaries, so a much larger number.  And I think probably one of the key differences is that the Medicare number is used by every provider for billing.  And those billing systems are — some of them are legacy systems, some of them are antiquated, and it is a very complex network.  And when you are changing the number, you have to change it throughout the system.  So, I think that is where a lot of the complexity comes in.

     *Mr. Smith.  But the software and the infrastructure to carry that out is already existent.  Is it not?

     *Ms. King.  I can’t quite answer that, because I don’t know exactly what the Railroad Retirement Board is doing.

     *Mr. Smith.  Mr. Trenkle?

     *Ms. King.  But I think they are one system, compared to ‑‑ CMS has almost 50.

     *Mr. Trenkle.  Yes, they have a much smaller IT infrastructure, and we are talking about many more systems within CMS.  And much of the Railroad Retirement Board IT work is supported by SSA a lot more closely than what it is with CMS.  And, of course, you know with CMS we have quality areas that we support.  We have the program integrity and a number of other areas that impact the use of the number throughout our various systems.

     *Mr. Smith.  And I don’t want to over-simplify the issue, but it would seem to me that if it is possible to have a fairly — I mean smaller number, but still sizeable, to implement that conversion, I would hope that it could be done on a larger scale.

     And on that similar issue, though, it looks like the CMS report suggests that it would cost roughly $68 million to replace the 47 million cards at about $1.44 per card.  Is that accurate?

     *Mr. Trenkle.  Yes, that is accurate.

     *Mr. Smith.  Okay.  And a little research would show that some private insurance companies did voluntarily remove the numbers, Social Security numbers, from their beneficiary cards over the last 10 years.  And research shows that that costs about $.70 to $1, including shipping and handling.  Can you elaborate on the difference between those costs?

     *Mr. Trenkle.  No, I can’t.  I would have to look at the assumptions used to derive their costs, as opposed to deriving our cost.  So I can’t comment on that here.

     *Mr. Smith.  Okay.  I would be interested to know more, actually, in terms of how there could be such a difference between those numbers.

     Thank you.  I yield back.

     *Chairman Johnson.  Thank you.  Mr. Blumenauer, you are recognized.

     *Mr. Blumenauer.  Thank you, Mr. Chairman, and I appreciate Mr. Smith’s admonition he didn’t want to over‑simplify it.  And I think that is important.

     Is there any comparable system, in terms of number of participants, number of individual vendors, and scale, that would be — could — that you can return to that is anything like what you are being asked to do?

     *Mr. Trenkle.  Not in — well, certainly not in terms of scale and the tie-ins with the other major benefit programs that we have.

     *Mr. Blumenauer.  Well, I mean, I think this is — I mean I want us to pursue progress in this.  But I — one of the things that concerns me when people are talking about $.70 to print a card, or $1.50 to print a card, we are talking about over 52 million senior citizens.  And millions ‑‑ or not millions, but over a million small businesses, some of whom are — you know, we are trying to nudge into the world of electronic records keeping.

     It has taken the Federal Government a long time just to get to the point where Veterans and the Department of Defense have systems that can talk to each other.  And those are, you know, pretty self-contained, part of the same family.

     And I do think we ought to pause for a moment and think about the scale of what is being asked.  Not that we shouldn’t have more progress, not that I excuse what Mr. Doggett pointed out in terms of foot-dragging in the Bush Administration or failure in the Obama Administration to make progress, but there is a lot on the table.  And this isn’t an insurance company reprinting cards.  This — I can just imagine the outrage that we would have in hearings if, all of a sudden, 52 million voting senior citizens get something that was screwed up.

     So, I want to talk just for a second about — where are you in the organization?  You are not the director.  Is there anybody between you and the top?

     *Mr. Trenkle.  Yes, yes.  I am a career —

     *Mr. Blumenauer.  A career professional.

     *Mr. Trenkle.  Yes, correct.

     *Mr. Blumenauer.  You care about your job, you show up?

     *Mr. Trenkle.  Absolutely.

     *Mr. Blumenauer.  I wanted to just make sure that you had a chance to say that.

     But do people in your position throughout the Federal Government freelance and interpret congressional priorities or budget priorities to put in — insist upon things that are going to be in your budget, or do you respond to priorities from OMB and from the administrator of the agency?

     *Mr. Trenkle.  It is the latter, yes.  We respond to that.

     *Mr. Blumenauer.  Okay.

     *Mr. Trenkle.  As, of course, obviously, a

congressional —

     *Mr. Blumenauer.  And if we had hundreds of people like you throughout the Federal Government who thought that this was a good idea, or thought that the Federal Government should do this, or that Congress was saying that, we would have kind of a chaotic budget process, wouldn’t we?

     *Mr. Trenkle.  Yes.

     *Mr. Blumenauer.  Have you ever experienced Congress speaking with different words and having different priorities, and asking one thing and not funding it as a priority?  Have you ever seen that in your public service career?

     *Mr. Trenkle.  Yes, I have.

     *Mr. Blumenauer.  Mr. Chairman, I think we ought to cut slack for career civil servants who are doing their job.  And I resent somehow an implication that people who are doing their job and following priorities that have been in Republican and Democratic administrations, somehow they don’t care, that somehow, because they haven’t arrested somebody for identity theft, that they are not aware of it and concerned about it.  I just am concerned about the tone and nature of this.

     Because I think we ought to make progress.  I think that it is hopeless — it is very complex.  I have had, in a prior life, a little experience with personnel systems and data processing.  And so I am not excusing what prior administrations have not done, or what prior congresses have not done to stay on top of it and fund it.  But I would just hope that we are a little more respectful for the men and women who are professionals, doing their job, and trying to follow what they are told to do, not freelancing.  And I think we would have people here outraged if folks were freelancing interpreting what the Congress did.

     We have got a little legislation, Mr. Gerlach and I — who is a little agitated, and I appreciate that — but we have legislation that would establish a pilot project, H.R. 2925, that would have a secure piece of identification, to see if we could have something that would enable a better way of paying, a better way of securing identity, getting numbers off, making it individual so that CMS and others could track compliance, but would be easy for providers.

     Is there some way that we could explore something along this line, as a constructive alternative to meet both these objectives?

     *Mr. Trenkle.  I am assuming you are talking about the use of smart cards, or —

     *Mr. Blumenauer.  Yes, sir.

     *Mr. Trenkle.  — or other types of technology.

     *Mr. Blumenauer.  Yes, sir.

     *Mr. Trenkle.  I certainly think that is something worth looking into.  I think that I have had a fair amount of experience working with smart cards over the last 15 years, and I know there are some issues around scalability, particularly as you can think about the number of cards that we have to replace on a monthly basis.

     *Mr. Blumenauer.  Right.

     *Mr. Trenkle.  Also, the number of providers we have to deal with who would have to get readers.  But I certainly think it does offer some possibilities, it and other technologies.

     *Mr. Blumenauer.  I see my time has expired, Mr. Chairman.  But I would just put that on the table, that Mr. Gerlach and I have legislation that would have a pilot project to be able to answer some of these questions, to test it, that might be easier for 52 million senior citizens, and get at that big fraud number in a way that isn’t just reprinting cards, but really gets at the system.

     *Chairman Johnson.  Okay, thank you.

     *Mr. Blumenauer.  Thank you.  I appreciate your courtesy.

     *Chairman Johnson.  Thank you for your comments.  Mr. Bertoni, decades ago we co-opted the Social Security number, using it for all kinds of non-Social Security purposes.  And recently, both the private and the public sector are moving away from these numbers.  What can you tell me about this trend, and why has it occurred?  And what are some of the entities that have reduced or eliminated their use or display of Social Security numbers?

     *Mr. Bertoni.  Actually, in preparing for this, I went through a number of our prior GAO reports, and actually have a long list of folks who have made progress.

     I think that the issue of use and display, first of all, we have come to where we are because, as some of you have said today, using the SSN is easy.  It is convenient.  It is tied to so many life transactions, it is a way for both public and private sector entities to determine who you are, and especially the private sector, to determine whether they want to do business with you.

     So, from a use standpoint, I think both public and private sector, the SSN continues to be pervasive.  And I don’t believe there has been much progress in there.  We have the OMB memorandum, of course, we had some other initiatives.  But I still think the use of the SSN is as pervasive as it was several years ago.

     But when you get to the area of display, I do believe there has been a lot of progress.  I think that is the easy part.  People realize that we can’t have these SSNs emblazoned on documents, on cards.  And there has been a movement over the last decade or so to remove them. 

     Now, starting with the higher education, we no longer have SSNs on student IDs.  Easy to do.  The 50 states, when ‑‑ at one time the SSN was on every driver’s license, per the direction of the Congress.  The states have now redacted all of those.  We have had state and local governments who are — many of which are engaging in pretty aggressive initiatives to remove Social Security numbers from state and local public records.  And certainly we have the large federal agencies like DoD and VA getting out on this issue.  And lastly, the private insurance companies, getting SSNs off the cards.

     I do believe I will say that a major outlier is CMS.  They are behind the curve on this with 48 million cards on the street.  I think it is time that they have caught up with the rest of the world and started moving to an environment where the SSN is not on the card.  Most people don’t know how their identity was stolen.  Sixty-five percent of people don’t know how that happened, or who did it.  But in the 35 percent of the population of the victims that know it the second most frequent source of identity theft is a stolen wallet, a stolen purse, or interception in the mail.  And you are going to find Medicare cards in all three of those places.

     *Chairman Johnson.  Thank you.  I appreciate that comment.

     Mr. Becerra, do you have a closing comment?

     *Mr. Becerra.  I do, Mr. Chairman.  And it is inspired by some of the things that Mr. Bertoni just said, as well.

     Mr. Trenkle, I think, as you noticed, there is complete bipartisan agreement that we have got to get the number off of the card.  And there may be a bit of a breakdown, as I think Mr. Blumenauer tried to point out, about how we get there.  But I don’t think there is any doubt that, at least in this House — and I got to believe our colleagues in the Senate would agree — that it really is time, as Mr. Bertoni said, for CMS to catch up and remove the number from the card.

     But, Mr. Chairman, let me suggest something to those of us who have taken an interest in this issue here in Congress.  I agree with you that I think the re-estimate shouldn’t take six months.  You have done some work, both in 2004/2005 and 2010/2011 to come up with that estimate.  You don’t have to re-invent the wheel to come up with an estimate. 

     But let me suggest as well that if we work closely with GAO — and, Mr. Chairman, I think you are as interested in this as any, as Mr. Doggett and others have proven by authoring legislation — if we take it upon ourselves to bird dog this with CMS so that CMS understands how critical we think this is, and that we can have some bipartisan consensus about how to get this done, including dealing with the resources issue, then maybe what we can do is accelerate their time frame to get us an estimate, having participated with them in the process of coming up with this estimate, working with GAO and others who could do the non-partisan oversight.

     Maybe what we can do is, when they issue their finding about what it would cost, we are prepared to act because we will have been monitoring this all the way through, versus going through a process of holding hearings and have a hearing or a conversation or a disagreement about what it would take to get there. 

     And my sense is that there is no lack of enthusiasm on the part of Democrats or Republicans to get this done.  It is going to be more an issue of how we actually implement whatever a reasonable estimate says we should do.  And so I would hope that maybe what we can do is — to show our bonafides on this side of the dais — is keep tabs of CMS in a friendly way, but keep tabs and ride herd on you.  And hopefully, with GAO’s participation, come up with those answers that we still don’t have:  the resources, how quickly can you reprioritize, how much will you need in new additional resources, what will be the impact on current activities.

     And if we can do that, Mr. Chairman, I think we can save ourselves a lot of problems and bickering about how to actually get it done, and do it a lot faster than if we just allowed the bureaucracy to move this forward.

     So, I just offer that in the spirit of bipartisanship, to try to get this done, and also to let CMS know that we hope that they are hearing this clearly, that this is something that we want to really monitor with them.

     Yield back.

     *Chairman Johnson.  Thank you.  I appreciate your comments.  And I thank you all for your participation today.  It is a joint effort.  It is not one party or the other.

     Thank you all for being here today and for your testimony.  I look forward to continuing working with my colleagues to protect seniors from identity theft.

     With that, this joint hearing stands adjourned.

     [Whereupon, at 11:14 a.m., the subcommittee was adjourned.]

Member Questions For The Records

Tony Trenkle
Kathleen King

Public Submissions For The Record

Kenneth Ryesky
Secure ID Coalition
Zebra Technologies