-------- Original Message -------- Subject: NY Blood Center Requires SS# to Donate Date: Tue, 27 Apr 2004 12:09:31 -0400 From: talcottk@private To: declan@private CC: rjones@private Declan: I went today to do my civic duty by donating blood -- the New York Blood Center is calling for 2000 donations each day to make up a blood shortage in this area. Unfortunately, the Blood Center refused to accept my blood without also taking my Social Security number. As a result, they got neither. Their rationale (from the www.nybloodcenter.org website, where on the FAQ page the heading "Social Security Number and Blood Donation" is highlighted in large red letters above all of the other FAQs) is followed by my comments: "The New York Blood Center uses social security numbers to uniquely identify donors, so that we can maintain a computerized record of each donor and all of the donations they have given to our organization." Comment: Of course one could devise any number of schemes to uniquely identify donors. Other blood banks will allow one to make up a unique identifier; similarly, the NY Blood Center could simply assign a unique identifier to the applications of each person who did not want to donate their SS# along with their blood. "After a person has donated blood for the first time a NYBC Donor Card with a unique "Donor Number" will be issued. Repeat donors may use this unique Donor Number in lieu of a social security number for any future donations, provided they present their signed donor ID card at the time of donation." Comment: This does not change the fact that the NY Blood center will have my SS# in its database, which is something I was trying to avoid. "The New York Blood Center uses social security numbers to uniquely identify donors, so that we can maintain a computerized record of each donor and all of the donations they have given to our organization. The purpose of unique records is to protect the safety of the blood supply. For example, we need to know that if a donor who is ineligible donates blood, it must be discarded. We need to be able to trace previous donations from a donor who subsequently tests positive on one of the blood screening tests." Comment: There appears to be a legitimate need to have a unique identifier for each donor. This does not justify selecting the donor's SS# as that identifier. "The federal Social Security Act states that blood collection organizations may use social security numbers as unique donor identifiers. It is fair to say that social security number is used throughout the country in this way. An acceptable alternative to social security number is passport or visa number." Comment: The many organizations that use SS#s to identify people, coupled with the failure of those organizations to safeguard those numbers, has given rise to the justifiable reluctance of those same people to part with their numbers. "Law at the state level addresses protection of blood donor confidentiality. We only release information about blood donors if required by law, such as Dept of Health reporting of various test results, or by court order. We never share information about donors with their employer, insurance company, financial agencies, etc. This includes demographic data such as social security number." Comment: Since when did my SS# become "demographic data"? "Multiple levels of access codes and passwords protect our computerized donor records." Comment: (1) Prove it. (2) Can you say "encryption"? "We have never had a breach in confidentiality of records." Comment: Can you say "hacker invitation"? Obviously this requirement has become a problem for the NY Blood Center. Maybe now would be a good time for them to devise a new scheme that would create a truly unique identifier for each of their donors, and to eliminate Social Security numbers from their records. Regards, Kelly Talcott _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Tue Apr 27 2004 - 09:50:32 PDT