The solution to not being "worried that our ID may get stolen" is penalize companies who report false information to credit bureaus and penalize credit bureaus that give out false information. You don't care if someone impersonates you to a lender and a bank or mattress store loses money to a fraudster. You care that the company that lost the money can erroneously report that you defaulted on a loan to the credit bureaus and then the credit bureaus mark down your credit worthiness. This affects your cost on loans, ability to rent an apartment, get a job, etc. The "Fair Credit Act of 1970" gave credit bureaus immunity from liability from reporting false information as long as they don't to it on purpose and in exchange they have to give people access to the reports and fix errors (very hard to do in practice).

People were rightfully worried in recently emerging computer age that these credit agencies would have secret dossiers on everyone. At least this law let people look at them and in theory correct them.

It probably time to revisit that 50 year old act. I'm not sure how much lenders even use the standard scores anymore. Many calculate their own scores and probably include all sorts of info that we would be mad about them using if we knew what it was.

Ironically, having it in plain text on a piece of paper in some random doctor’s office is much more secure than having it hashed in some website’s database.

Possibly even more secure than that same doctor having it in their system.

Good point. But realize it's only on that paper for a few mins before being typed into their system.

Doctor's offices are so archaic at times. Only a handful let me do the forms online in advance. And even those have more paper for me to waste when I arrive.

A public system to enter data into, probably some sort of SAS or COT for most practices, has got to introduce far more insecurities than having the clerical staff enter it into the same backend the public system has to interact with.

Dumpster diving is a thing.

In almost all cases, someone is entering what you hand wrote into a system; and then they discard the paper copy.

If they shred it that's great, but dumpster diving at medical offices has made the news many many times.

Blame the insurance companies - most major insurance companies use your SSN as a mechanism for identifying the patient. The member ID #'s can be used but it's quicker to just input the SSN.

But they already get a copy of our Insurance Cards. Shouldn't that be enough ?

When I got my Covid shot at Safeway they asked for it. I just didn't fill it out and no one even asked for it. I still had the record show up in Washington's vaccination DB, so it wasn't for that either.

I hope them asking for it didn't discourage someone without an SSN from getting their shot, since immigration status isn't relevant to eligibility.

I always leave it blank on the forms at doctor's offices and other medical facilities, no one has ever brought it up and asked for it.

Cable and phone and electric seem trained to ask for SSN. I politely say no, and we move on.

People volunteered the leaked info. Just say no.