It is the latest technical problem related to the Trump administration’s push to create a national directory of health providers.
By Dan Diamond and Clara Ence Morse, Washington Post
The Trump administration inadvertently exposed the Social Security numbers of health care providers in a database powering a new Medicare portal, The Washington Post found.
The Centers for Medicare and Medicaid Services (CMS) last year created a directory to help seniors look up which doctors and medical providers accept which insurance plans, framing it as an overdue improvement and part of the Trump administration’s initiative to modernize health care technology.
But a publicly accessible database used to populate the directory contains some of the providers’ Social Security numbers, linked to their names and other identifying information. For at least several weeks, CMS made the database available for public use as part of its data transparency efforts. The files are not immediately visible to users who visit the provider directory.
The Post downloaded the database and identified at least dozens of Social Security numbers belonging to health care providers while reviewing a sample of rows.
CMS did not respond to questions about how many providers’ Social Security numbers were exposed, whether it had notified the individual providers and other details about the incident.
The Post informed health officials on Tuesday that the numbers had been exposed, giving the agency time to take down the database, and contacted some of the affected providers, who said they were confused and concerned.
“I don’t even know how [Medicare officials] would get my Social Security number,” said one physician, who spoke on the condition of anonymity to avoid the risk of identity theft.
CMS officials said they are working to fix the problem that led to the exposure. A spokesperson said the problem “stems from incorrect entries of provider or provider-representative-supplied information in the wrong places” — essentially, that providers entered information in the wrong place and left their own Social Security numbers exposed.
“The agency has taken steps to address it promptly and reinforce safeguards around data submission and validation,” CMS said in a statement.
After this article published, several Democrats said Friday that they had concerns about the agency’s handling of sensitive data and demanded answers.
Rep. Richard E. Neal (Massachusetts), the top Democrat on a House committee that oversees CMS, called on Republicans who control the chamber to launch an investigation.
“The more we learn about how the Trump Administration handles the people’s most sensitive data, the clearer their incompetence becomes,” Neal said in a statement. “Do House Republicans need to see their own data exposed before they do right by their constituents and act?”
The directory is part of a broader initiative that includes plans for a new national directory of health care providers, led by Amy Gleason, the acting administrator of the U.S. DOGE Service and a senior CMS official.
The project has faced several setbacks. The Post last year reported that an early version of directory was rife with errors, including misidentifying which health care providers were covered by which health care plans.
Trump administration officials have said the directory will simplify the process for patients searching for health care practitioners by tapping the reach of the federal government.
“We felt like this is a good-use case of the government actually doing something,” Gleason said in remarks last year.
Some Democrats have raised concerns about its launch.
“We are concerned that this rushed rollout will mislead millions of seniors as they compare plans, and may cause seniors and people with disabilities to incur medical bills they reasonably believed would be covered,” Sens. Jeff Merkley (D-Oregon) and Ron Wyden (D-Oregon) wrote in November to CMS officials.
CMS Administrator Mehmet Oz and his deputies have defended the project.
“We remain committed to continuously improving the services we provide through Medicare.gov and Plan Finder, and to ensuring that all people with Medicare can make informed choices about their health coverage with confidence and transparency,” Oz wrote to Merkley and Wyden last month.
Aaron Schaffer contributed to this report.
