Notice: Passwords are now case-sensitive

Remember Me
Register a new account
Forgot your password?

Anders: Federal Court Rules on Plaintiff's Refusal to Provide SSN

By Dan Anders

Wednesday, May 20, 2020 | 2843 | 0 | min read

A federal magistrate judge got a full education in Section 111 mandatory insurer reporting when a plaintiff refused to provide his Social Security number in a liability settlement with the State of Rhode Island.

Dan Anders

Dan Anders

The April 27, 2020, Rhode Island U.S. District Court decision came in the case of Genaro Ruiz vs. State of Rhode Island. The judge held the defendant’s post-settlement effort to obtain the plaintiff’s SSN was “fully consistent with the express and implied terms of the settlement agreement,” given the Medicare Secondary Payer Act requirements.

Further, the plaintiff could not use the federal Privacy Act to negate the defendant’s basis for requesting the information, again given MSP requirements.


The 2007 Medicare, Medicaid and SCHIP Extension Act created a requirement for non-group health plans (NGHPs), such as the defendant State of Rhode Island, to report settlements involving Medicare beneficiaries to the Centers for Medicare and Medicaid Services. Consequently, NGHPs must determine whether a plaintiff or claimant is a Medicare beneficiary.

To verify Medicare beneficiary status, a claimant, whether a Medicare beneficiary or not, is asked to produce certain information to the NGHP, including first and last name, date of birth, gender, SSN, Medicare number or at least the last five digits of the SSN or Medicare number.

To ensure compliance, the statute provides for penalizing the NGHP up to $1,000 per day per claim for noncompliance. However, demonstration of good faith efforts to obtain the SSN can eliminate this penalty. As the court noted, CMS’ Feb. 18, 2020, proposal described the penalties and what constituted a good faith effort. (See Tower’s article, CMP Comments Submitted).

The parties in the Rhode Island liability case reached a mediated settlement agreement with the following relevant components:

  • Plaintiff, who was at least 65 at the time of settlement, acknowledged that because he was a Medicare beneficiary, it was his responsibility to resolve any Medicare claim. However, the settlement negotiations did not define how defendants would obtain closure of any possible Medicare claim or lien.
  • Plaintiff never advised defendants that he would refuse to supply his SSN, or any part of it, as part of the settlement agreement. Providing the SSN would enable the State to ascertain his status as a Medicare beneficiary and to comply with the Medicare statutory reporting requirement.
  • Defendants never advised plaintiff that the submission of his SSN, or any part of it, was a precondition to their paying the settlement proceeds.

Post the settlement agreement, the defendant provided the “RI Medicare Reporting Form” that requests the SSN. Plaintiff attorney’s response was “n/a” to the SSN question. Ultimately, the plaintiff attorney refused to provide the SSN, which caused the defendant to petition the court to intervene.

The court held an off-the-record call with the parties that resulted in the decision that the plaintiff would either provide the SSN or an affidavit stating that he did not have an SSN. Plaintiff failed to provide either and filed a motion to enforce the settlement on the basis that the federal Privacy Act gives him an absolute right to refuse to disclose his SSN.

He also made a claim for punitive damages, interest and attorneys’ fees. The defendant responded with a motion to enforce the agreement from the off-the-record call.

District Court holding

The District Court held:

  • That the defendant made significant (and successful) efforts to comply fully with the letter and spirit of MMSEA. In an effort to comply, the State of Rhode Island made the requisite query using at least a five-digit iteration of plaintiff’s SSN. (During discovery, the defendant apparently obtained the last four digits of the SSN and tried to add the fifth digit by performing a query of the multiple iterations.)
  • The state’s actions fit neatly into the not-yet-established safe harbor limned by the proposed rule, so that any penalties and sanctions for non-compliance should not be imposed.
  • The state (and the court) appropriately relied on plaintiff’s acquiescence to the use of the information he produced in discovery to make the required report to CMS.
  • There was no further need for plaintiff to disclose his SSN, or any part of it, as a prerequisite to receiving the settlement proceeds.

Regarding the plaintiff’s claim for punitive damages, interest and attorneys’ fees,
the state’s conduct in delaying payment of the settlement proceeds does not conceivably amount to “willful and wanton disregard” for plaintiff’s rights bordering on criminality.

The settlement agreement must be interpreted as incorporating and being subject to the MMSEA requirement of disclosure of the SSN (and, if that is not available, at least the last five digits of the SSN). It is not subject to the Privacy Act prohibition on SSN disclosure because MMSEA is a federal statute requiring preferably full, but at least partial, SSN disclosure.

Plaintiff was contractually obliged to provide defendants with as much of the specified information as the state reasonably needed to make a CMS query about his Medicare status. His refusal to disclose at least the fifth from the last digit of his SSN is a breach of the implied covenant of good faith and fair dealing.

Practical implications

This is one of those cases where an uncooperative claimant appears to have hit a nerve with the court, resulting in the court going above and beyond to rule in favor of the defendant. Its decision, though, shows how at least this federal court views the responsibilities of the settling parties in regard to the Section 111 mandatory insurer reporting requirement.

Key takeaways from the decision:

  • A defendant is allowed to request the SSN or an affidavit that the SSN will not be provided even post-settlement, and such request does not constitute bad faith or a violation of the federal Privacy Act.
  • The plaintiff should either provide the full SSN (or Medicare number), the last five digits of the SSN or Medicare number, or a statement or affidavit that the plaintiff is refusing to provide either. CMS even provides a standard form if the plaintiff does not want to use the form provided by the defendant.

Best practice is to attempt to obtain the SSN prior to the settlement agreement. This is not only important to reporting requirements but also to investigate Medicare conditional payments.

If the SSN or affidavit cannot be obtained prior to the settlement agreement, the agreement should include terms in which the plaintiff is required to provide such information.

Dan Anders is chief compliance officer at Tower MSA Partners LLC. This entry is republished with permission from the Tower MSP Compliance Blog.


Related Articles