ThinkstockPhotos-474578987

I am a senior citizen. While this distinction entitles me to a variety of perks like discounted movies and bus fare – as well as the occasional free doughnut (seriously) — it’s also a ticket to the identity theft lottery.

Turning 50 gets you an invitation to AARP and turning 65 gets you a Medicare card. What’s this have to do with identity theft? Take a close look at a Medicare card. The identification number? It’s a combination of the cardholder’s Social Security number and one or two letters.

Health insurers no longer include Social Security numbers on the cards they issue to people. The concern was that using SSNs needlessly increased the risk of identity theft, which was, and continues to be, rising exponentially. And when they did this, they stopped being co-conspirators in what has become a national epidemic.

According an article by reporter Robert Pear in New York Times, private insurers under contract with Medicare are not permitted to use SSNs on insurance cards when providing medical or prescription drug benefits. But in a serious case of “Do as I say, not as I do,” Medicare has used Social Security numbers on more than 50 million benefit cards heedless of the warnings of privacy advocates, consumer protection officials, federal auditors and investigators working on identity theft cases.

Section 501 of the Medicare Access and CHIP Reauthorization Act of 2015, a bipartisan provision authored by Rep. Sam Johnson (R-TX) and Rep. Lloyd Doggett (D-TX), signed into law last week by President Obama, finally mandates the removal of Social Security numbers from our Medicare cards. (Well, let’s just say it begins the process — and like all processes in Washington, let’s hope it actually gets done before my toddler is eligible for Medicare.) The new law is clear: Social Security numbers must not be “displayed, coded or embedded on the Medicare card.”

More than 4,500 of my fellow seniors enroll in Medicare every day. It is estimated that over the next 10 years, some 18 million more of us are projected to qualify, which will bring the total Medicare enrollment to 74 million by 2025.

What Lit the Fire?

After years of begging, cajoling and warning to no avail, what finally forced both parties in Washington to get off their butts and get it right?

Mr. Pear speculates that is wasn’t one thing, but a set of circumstances starting with the nearly universal digitization of medical records and of course ending with a culture plagued by highly effective hackers. Consider, since in just the first quarter of 2015 more than 91 million Social Security numbers were exposed to unauthorized persons in just two data compromises: Anthem and Premera.

What the new system will look like is still anyone’s guess. Here’s what we know, according to the New York Times article: SSNs will be replaced by a “randomly generated Medicare beneficiary identifier.” Additionally, Medicare officials have eight years to get the new system completely up and running—four years to issue cards to new beneficiaries and four more years to reissue cards to existing beneficiaries—it was unclear whether those two four-year items were to happen simultaneously, but since we’re talking about a government timeline there is an argument for erring on the side of forever.

Like all major government initiatives, this will be no small feat. But it is a critical one if we are to stop hearing the pitter-pat of scammer feet tap dancing on the finances of senior citizens.

Why did it take so long? Why does the IRS still require SSNs? Because we’re talking about the government.

The record speaks for itself:

  • 2004 – The Government Accountability Office warns we must reduce our dependence on Social Security numbers as individual identifiers.
  • 2007 – The White House Office of Management and Budget directs federal agencies to “eliminate the unnecessary collection and use of Social Security numbers” within two years.
  • 2008 – The inspector general of Social Security calls for the immediate removal of Social Security numbers from Medicare cards. The Departments of Defense and Veterans Affairs launch major initiatives to delete Social Security numbers from their identification cards.

How about the Department of Health and Human Services, which supervises the Medicare program? Well, let’s just say that according to the Times, the GAO felt that HHS was moving—shall we say—glacially and it really was all about money. (Forget the fact that identity theft costs America and Americans billions annually.)

The Medicare agency is no small operation. They pay close to 1 billion claims from 1.5 million health care providers every year. While I understand that the HHS has considerable budgetary and logistical issues when dealing with the identification quagmire, it is nothing compared to the expense and uproar caused by identity theft in the lives of the people HHS serves. That’s a long way of saying that this identification card “modification” is long overdue.

In the meantime, what can you do if you’re concerned that your Social Security number is in the wrong hands? Because it can be used to perpetrate many types of crimes, not just credit-related, it can be difficult to track. But it’s still important to check your credit reports regularly for signs of fraud — like new accounts you didn’t authorize. You can get your free annual credit reports from AnnualCreditReport.com, and you can get a free credit report summary, updated every month on Credit.com, to watch for changes.

That said, we are not living in a “So it is written, so it is done” age. Congress has to sit on the HHS to get 100% compliance with the law as it was passed. And we have to sit on Congress. And while we are sitting on our favorite 535 federal lawmakers, perhaps they can ask the IRS what’s taking it so long to make some changes — including killing the SSN as identifier — so Americans can stop being such sitting ducks in the sights of miscreants.