Dental practices collect patient Social Security numbers and a copy of the driver’s licenses for one or more of the following reasons:
Neither California nor federal law prohibit a dental practice from collecting patients’ Social Security numbers or copies of driver’s licenses and a business may choose to refuse service to someone who refuses a request for the information.
However, businesses that collect this information are required to keep it secured and to notify individuals if their information is breached. Businesses also are prohibited from displaying Social Security numbers on documents widely seen by others and from requiring individuals to submit the information through unsecured electronic communications.
Tell your patients why the information is needed and how you will keep it secured. You can do this in writing or verbally when a patient questions the practice.
If you use unique identifiers, develop your own system. Do not use the social security number or driver’s license number as unique identifiers.
Restrict access to the information to those individuals who actually need it to conduct transactions for the practice. Your privacy policies and practices should include the restricted access and uses of this information. Document staff training on privacy policies and practices.
Treat Social Security numbers and driver’s license information as you would protected health information.
Do not include Social Security numbers or driver’s license numbers on routing slips or other forms or documents circulated in the practice.
Do not include the information on any printed matter that you mail to a patient, except as required by law or if the document is a form or application. The printed matter should be in an envelope that does not allow the information to be read until the envelope is opened.
Do not require or suggest individuals submit this information over the Internet unless the connection is secured or the information is encrypted. Similarly, no one from the practice should transmit this information over the Internet unless the connection is secured or the information is encrypted.
If you share Social Security or driver’s license numbers with non-affiliated third parties to carry out specific business functions, the third party should be contractually obligated to implement and maintain reasonable security procedures and practices to protect the information.
Do not require this information to serve as passwords or codes to access Internet sites or other services.