[Politech] New York Blood Center requires SSN to donate [priv]

From: Declan McCullagh (declan@private)
Date: Tue Apr 27 2004 - 09:24:26 PDT

  • Next message: Declan McCullagh: "[Politech] Calif. to require return postage on unsolicited CDs, DVDs?"

    -------- Original Message --------
    Subject: NY Blood Center Requires SS# to Donate
    Date: Tue, 27 Apr 2004 12:09:31 -0400
    From: talcottk@private
    To: declan@private
    CC: rjones@private
    
    Declan:
    
    I went today to do my civic duty by donating blood -- the New York Blood 
    Center is calling for 2000 donations each day to make up a blood 
    shortage in this area.  Unfortunately, the Blood Center refused to 
    accept my blood without also taking my Social Security number.  As a 
    result, they got neither.
    
    Their rationale (from the www.nybloodcenter.org website, where on the 
    FAQ page the heading "Social Security Number and Blood Donation" is 
    highlighted in large red letters above all of the other FAQs) is 
    followed by my comments:
    
    "The New York Blood Center uses social security numbers to uniquely 
    identify donors, so that we can maintain a computerized record of each 
    donor and all of the donations they have given to our organization."
    
    Comment: Of course one could devise any number of schemes to uniquely 
    identify donors.  Other blood banks will allow one to make up a unique 
    identifier; similarly, the NY Blood Center could simply assign a unique 
    identifier to the applications of each person who did not want to donate 
    their SS# along with their blood.
    
    "After a person has donated blood for the first time a NYBC Donor Card 
    with a unique "Donor Number" will be issued. Repeat donors may use this 
    unique Donor Number in lieu of a social security number for any future 
    donations, provided they present their signed donor ID card at the time 
    of donation."
    
    Comment: This does not change the fact that the NY Blood center will 
    have my SS# in its database, which is something I was trying to avoid.
    
    "The New York Blood Center uses social security numbers to uniquely 
    identify donors, so that we can maintain a computerized record of each 
    donor and all of the donations they have given to our organization. The 
    purpose of unique records is to protect the safety of the blood supply. 
    For example, we need to know that if a donor who is ineligible donates 
    blood, it must be discarded. We need to be able to trace previous 
    donations from a donor who subsequently tests positive on one of the 
    blood screening tests."
    
    Comment: There appears to be a legitimate need to have a unique 
    identifier for each donor.  This does not justify selecting the donor's 
    SS# as that identifier.
    
    "The federal Social Security Act states that blood collection 
    organizations may use social security numbers as unique donor 
    identifiers. It is fair to say that social security number is used 
    throughout the country in this way. An acceptable alternative to social 
    security number is passport or visa number."
    
    Comment: The many organizations that use SS#s to identify people, 
    coupled with the failure of those organizations to safeguard those 
    numbers, has given rise to the justifiable reluctance of those same 
    people to part with their numbers.
    
    "Law at the state level addresses protection of blood donor 
    confidentiality. We only release information about blood donors if 
    required by law, such as Dept of Health reporting of various test 
    results, or by court order. We never share information about donors with 
    their employer, insurance company, financial agencies, etc. This 
    includes demographic data such as social security number."
    
    Comment: Since when did my SS# become "demographic data"?
    
    "Multiple levels of access codes and passwords protect our computerized 
    donor records."
    
    Comment:  (1) Prove it.  (2) Can you say "encryption"?
    
    "We have never had a breach in confidentiality of records."
    
    Comment: Can you say "hacker invitation"?
    
    Obviously this requirement has become a problem for the NY Blood Center. 
      Maybe now would be a good time for them to devise a new scheme that 
    would create a truly unique identifier for each of their donors, and to 
    eliminate Social Security numbers from their records.
    
    Regards,
    
    Kelly Talcott
    
    
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    



    This archive was generated by hypermail 2b30 : Tue Apr 27 2004 - 09:50:32 PDT