[Congressional Record Volume 159, Number 40 (Tuesday, March 19, 2013)]
[Senate]
[Pages S1951-S1955]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




          STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS

      By Mr. LEAHY (for himself and Mr. Lee):
  S. 607. A bill to improve the provisions relating to the privacy of 
electronic communications; to the Committee on the Judiciary.
  Mr. LEAHY. Mr. President, today I am pleased to introduce the 
Electronic Communications Privacy Act Amendments Act of 2013--a bill to 
strengthen the privacy protections for email and other electronic 
communications. Last year, the Judiciary Committee favorably reported 
substantially similar legislation with strong bipartisan support. I 
thank Republican Senator Mike Lee for cosponsoring this important 
privacy bill. Senator Lee and I understand that protecting Americans' 
privacy rights is something that is important to all Americans, 
regardless of political party or ideology. I hope that all Senators 
will support this bill and that

[[Page S1952]]

the Senate will pass this privacy legislation this year.
  Like many Americans, I am concerned about growing and unwelcome 
intrusions into our private lives in cyberspace. I also understand that 
we must update our digital privacy laws to keep pace with these threats 
and the rapid advances in technology.
  When I led the effort to write ECPA 27 years ago, email was a 
novelty. No one could have imagined the way the Internet and mobile 
technologies would transform how we communicate and exchange 
information today. Three decades later, we must update this law to 
reflect the realities of our time, so that our Federal privacy laws 
keep pace with American innovation and the changing mission of our law 
enforcement agencies.
  My bill takes several important steps to improve Americans' digital 
privacy rights, while also promoting new technologies, like cloud 
computing, and accommodating the legitimate needs of law enforcement. 
First, the bill requires that the government obtain a search warrant 
based on probable cause to obtain the content of Americans' email and 
other electronic communications, when those communications are 
requested from a third-party service provider. There are balanced 
exceptions to the warrant requirement to address emergency 
circumstances and to protect national security under current law.
  Second, the bill requires that the government promptly notify any 
individual whose email content has been accessed via a third-party 
service provider, and provide that individual with a copy of the search 
warrant and other details about the information obtained. The bill 
permits the government to seek a court order temporarily delaying such 
notice in order to protect the integrity of ongoing government 
investigations. In addition, the bill permits the government to ask a 
court to temporarily preclude a service provider from notifying a 
customer about the disclosure.
  The bill contains several important provisions to ensure that the 
reforms to ECPA do not hinder law enforcement. The bill adds a new 
notice requirement to the law that requires service providers to notify 
the government of their intent to inform a customer about a disclosure 
of electronic communications information at least three business days 
before giving such notice. Furthermore, to help law enforcement 
investigate and prosecute corporate wrongdoing, the bill adds civil 
discovery subpoenas to the existing tools that the government may use 
to obtain non-content information under ECPA.
  In addition, the bill makes clear that the government may also 
continue to use administrative, civil discovery and grand jury subpoena 
to obtain corporate email and other electronic communications directly 
from a corporate entity, when those communications are contained on an 
internal email system. Lastly, the bill also provides that the search 
warrant requirement in the bill does not apply to other Federal 
criminal or national security laws, including Title III of the Omnibus 
Crime Control and Safe Streets Act of 1986, commonly known as the 
Wiretap Act, and the Foreign Intelligence Surveillance Act of 1978, 50 
U.S.C. Sec.  1801, et seq., commonly known as FISA.
  Since I first put forward proposals to update ECPA in early 2011, I 
have worked to make sure that these updates carefully balance privacy 
interests, the needs of law enforcement and the interests of our 
thriving American tech sector. During the past 2 years, I have 
consulted with many stakeholders from the Federal, state and local law 
enforcement communities, including--the Department of Justice, the 
Federal Trade Commission, the Securities and Exchange Commission, the 
International Association of Chiefs of Police, the Federal Law 
Enforcement Officers Association, the Association of State Criminal 
Investigative Agencies, and the National Sheriffs Association. I have 
also consulted closely with many leaders in the privacy, civil 
liberties, civil rights and technology communities who support these 
reforms.
  The 113th Congress has an important opportunity to address the 
digital privacy challenges that Americans face today. We should do so 
by enacting the commonsense privacy reforms contained in this bill.
  When the Senate Judiciary Committee favorably reported the Electronic 
Communications Privacy Act on September 19, 1986, it did so with the 
unanimous support of all Democratic and Republican Senators. At the 
time, the Committee recognized that protecting Americans' privacy 
rights should not be a partisan issue.
  In that bipartisan spirit, I am pleased to join with Senator Lee in 
urging the Congress to enact these important privacy reforms without 
delay. Senator Lee and I are joined in this effort by a broad coalition 
of more than 50 privacy, civil liberties, civil rights and tech 
industry leaders from across the political spectrum that have also 
endorsed the ECPA reform effort. I thank the Digital Due Process 
Coalition, the Digital 4th Coalition and the many other individuals and 
organizations that have advocated for ECPA reform for their support. I 
hope that all Members of the Senate will follow their example, so that 
we can enact this digital privacy bill with strong, bipartisan support.
  Mr. President, I ask unanimous consent that the text of the bill be 
printed in the Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                 S. 607

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Electronic Communications 
     Privacy Act Amendments Act of 2013''.

     SEC. 2. CONFIDENTIALITY OF ELECTRONIC COMMUNICATIONS.

       Section 2702(a)(3) of title 18, United States Code, is 
     amended to read as follows:
       ``(3) a provider of remote computing service or electronic 
     communication service to the public shall not knowingly 
     divulge to any governmental entity the contents of any 
     communication described in section 2703(a), or any record or 
     other information pertaining to a subscriber or customer of 
     such service.''.

     SEC. 3. ELIMINATION OF 180-DAY RULE; SEARCH WARRANT 
                   REQUIREMENT; REQUIRED DISCLOSURE OF CUSTOMER 
                   RECORDS.

       (a) In General.--Section 2703 of title 18, United States 
     Code, is amended--
       (1) by striking subsections (a), (b), and (c) and inserting 
     the following:
       ``(a) Contents of Wire or Electronic Communications.--A 
     governmental entity may require the disclosure by a provider 
     of electronic communication service or remote computing 
     service of the contents of a wire or electronic communication 
     that is in electronic storage with or otherwise stored, held, 
     or maintained by the provider only if the governmental entity 
     obtains a warrant issued using the procedures described in 
     the Federal Rules of Criminal Procedure (or, in the case of a 
     State court, issued using State warrant procedures) that is 
     issued by a court of competent jurisdiction directing the 
     disclosure.
       ``(b) Notice.--Except as provided in section 2705, not 
     later than 10 business days in the case of a law enforcement 
     agency, or not later than 3 business days in the case of any 
     other governmental entity, after a governmental entity 
     receives the contents of a wire or electronic communication 
     of a subscriber or customer from a provider of electronic 
     communication service or remote computing service under 
     subsection (a), the governmental entity shall serve upon, or 
     deliver to by registered or first-class mail, electronic 
     mail, or other means reasonably calculated to be effective, 
     as specified by the court issuing the warrant, the subscriber 
     or customer--
       ``(1) a copy of the warrant; and
       ``(2) a notice that includes the information referred to in 
     clauses (i) and (ii) of section 2705(a)(4)(B).
       ``(c) Records Concerning Electronic Communication Service 
     or Remote Computing Service.--
       ``(1) In general.--Subject to paragraph (2), a governmental 
     entity may require a provider of electronic communication 
     service or remote computing service to disclose a record or 
     other information pertaining to a subscriber or customer of 
     the provider or service (not including the contents of 
     communications), only if the governmental entity--
       ``(A) obtains a warrant issued using the procedures 
     described in the Federal Rules of Criminal Procedure (or, in 
     the case of a State court, issued using State warrant 
     procedures) that is issued by a court of competent 
     jurisdiction directing the disclosure;
       ``(B) obtains a court order directing the disclosure under 
     subsection (d);
       ``(C) has the consent of the subscriber or customer to the 
     disclosure; or
       ``(D) submits a formal written request relevant to a law 
     enforcement investigation concerning telemarketing fraud for 
     the name, address, and place of business of a subscriber or 
     customer of the provider or service that is engaged in 
     telemarketing (as defined in section 2325).

[[Page S1953]]

       ``(2) Information to be disclosed.--A provider of 
     electronic communication service or remote computing service 
     shall, in response to an administrative subpoena authorized 
     by Federal or State statute, a grand jury, trial, or civil 
     discovery subpoena, or any means authorized under paragraph 
     (1), disclose to a governmental entity the--
       ``(A) name;
       ``(B) address;
       ``(C) local and long distance telephone connection records, 
     or records of session times and durations;
       ``(D) length of service (including start date) and types of 
     service used;
       ``(E) telephone or instrument number or other subscriber 
     number or identity, including any temporarily assigned 
     network address; and
       ``(F) means and source of payment for such service 
     (including any credit card or bank account number), of a 
     subscriber or customer of such service.
       ``(3) Notice not required.--A governmental entity that 
     receives records or information under this subsection is not 
     required to provide notice to a subscriber or customer.''; 
     and
       (2) by adding at the end the following:
       ``(h) Rule of Construction.--Nothing in this section or in 
     section 2702 shall be construed to limit the authority of a 
     governmental entity to use an administrative subpoena 
     authorized under a Federal or State statute or to use a 
     Federal or State grand jury, trial, or civil discovery 
     subpoena to--
       ``(1) require an originator, addressee, or intended 
     recipient of an electronic communication to disclose the 
     contents of the electronic communication to the governmental 
     entity; or
       ``(2) require an entity that provides electronic 
     communication services to the officers, directors, employees, 
     or agents of the entity (for the purpose of carrying out 
     their duties) to disclose the contents of an electronic 
     communication to or from an officer, director, employee, or 
     agent of the entity to a governmental entity, if the 
     electronic communication is held, stored, or maintained on an 
     electronic communications system owned or operated by the 
     entity.''.
       (b) Technical and Conforming Amendments.--Section 2703(d) 
     of title 18, United States Code, is amended--
       (1) by striking ``A court order for disclosure under 
     subsection (b) or (c)'' and inserting ``A court order for 
     disclosure under subsection (c)''; and
       (2) by striking ``the contents of a wire or electronic 
     communication, or''.

     SEC. 4. DELAYED NOTICE.

       Section 2705 of title 18, United States Code, is amended to 
     read as follows:

     ``SEC. 2705. DELAYED NOTICE.

       ``(a) Delay of Notification.--
       ``(1) In general.--A governmental entity that is seeking a 
     warrant under section 2703(a) may include in the application 
     for the warrant a request for an order delaying the 
     notification required under section 2703(b) for a period of 
     not more than 180 days in the case of a law enforcement 
     agency, or not more than 90 days in the case of any other 
     governmental entity.
       ``(2) Determination.--A court shall grant a request for 
     delayed notification made under paragraph (1) if the court 
     determines that there is reason to believe that notification 
     of the existence of the warrant may result in--
       ``(A) endangering the life or physical safety of an 
     individual;
       ``(B) flight from prosecution;
       ``(C) destruction of or tampering with evidence;
       ``(D) intimidation of potential witnesses; or
       ``(E) otherwise seriously jeopardizing an investigation or 
     unduly delaying a trial.
       ``(3) Extension.--Upon request by a governmental entity, a 
     court may grant 1 or more extensions of the delay of 
     notification granted under paragraph (2) of not more than 180 
     days in the case of a law enforcement agency, or not more 
     than 90 days in the case of any other governmental entity.
       ``(4) Expiration of the delay of notification.--Upon 
     expiration of the period of delay of notification under 
     paragraph (2) or (3), the governmental entity shall serve 
     upon, or deliver to by registered or first-class mail, 
     electronic mail, or other means reasonably calculated to be 
     effective as specified by the court approving the search 
     warrant, the customer or subscriber--
       ``(A) a copy of the warrant; and
       ``(B) notice that informs the customer or subscriber--
       ``(i) of the nature of the law enforcement inquiry with 
     reasonable specificity;
       ``(ii) that information maintained for the customer or 
     subscriber by the provider of electronic communication 
     service or remote computing service named in the process or 
     request was supplied to, or requested by, the governmental 
     entity;
       ``(iii) of the date on which the warrant was served on the 
     provider and the date on which the information was provided 
     by the provider to the governmental entity;
       ``(iv) that notification of the customer or subscriber was 
     delayed;
       ``(v) the identity of the court authorizing the delay; and
       ``(vi) of the provision of this chapter under which the 
     delay was authorized.
       ``(b) Preclusion of Notice to Subject of Governmental 
     Access.--
       ``(1) In general.--A governmental entity that is obtaining 
     the contents of a communication or information or records 
     under section 2703 may apply to a court for an order 
     directing a provider of electronic communication service or 
     remote computing service to which a warrant, order, subpoena, 
     or other directive under section 2703 is directed not to 
     notify any other person of the existence of the warrant, 
     order, subpoena, or other directive for a period of not more 
     than 180 days in the case of a law enforcement agency, or not 
     more than 90 days in the case of any other governmental 
     entity.
       ``(2) Determination.--A court shall grant a request for an 
     order made under paragraph (1) if the court determines that 
     there is reason to believe that notification of the existence 
     of the warrant, order, subpoena, or other directive may 
     result in--
       ``(A) endangering the life or physical safety of an 
     individual;
       ``(B) flight from prosecution;
       ``(C) destruction of or tampering with evidence;
       ``(D) intimidation of potential witnesses; or
       ``(E) otherwise seriously jeopardizing an investigation or 
     unduly delaying a trial.
       ``(3) Extension.--Upon request by a governmental entity, a 
     court may grant 1 or more extensions of an order granted 
     under paragraph (2) of not more than 180 days in the case of 
     a law enforcement agency, or not more than 90 days in the 
     case of any other governmental entity.
       ``(4) Prior notice to law enforcement.--Upon expiration of 
     the period of delay of notice under this section, and not 
     later than 3 business days before providing notice to a 
     customer or subscriber, a provider of electronic 
     communication service or remote computing service shall 
     notify the governmental entity that obtained the contents of 
     a communication or information or records under section 2703 
     of the intent of the provider of electronic communication 
     service or remote computing service to notify the customer or 
     subscriber of the existence of the warrant, order, or 
     subpoena seeking that information.
       ``(c) Definition.--In this section and section 2703, the 
     term `law enforcement agency' means an agency of the United 
     States, a State, or a political subdivision of a State, 
     authorized by law or by a government agency to engage in or 
     supervise the prevention, detection, investigation, or 
     prosecution of any violation of criminal law, or any other 
     Federal or State agency conducting a criminal 
     investigation.''.

     SEC. 5. RULE OF CONSTRUCTION.

       Nothing in this Act or an amendment made by this Act shall 
     be construed to apply the warrant requirement for contents of 
     a wire or electronic communication authorized under this Act 
     or an amendment made by this Act to any other section of 
     title 18, United States Code (including chapter 119 of such 
     title (commonly known as the ``Wiretap Act'')), the Foreign 
     Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et 
     seq.), or any other provision of Federal law.
                                 ______
                                 
      By Mr. CARDIN:
  S. 608. A bill to amend title XVIII of the Social Security Act and 
title XXVII of the Public Health Service Act to improve coverage for 
colorectal screening tests under Medicare and private health insurance 
coverage, and for other purposes; to the Committee on Finance.
  Mr. CARDIN. Mr. President, I rise today to introduce the Supporting 
Colorectal Examination and Education Now, SCREEN, Act. This legislation 
promotes access to colon cancer screenings in an effort to help prevent 
colorectal cancer, save lives, and reduce costs for families, the 
Medicare program, and the health care system. I strongly urge my 
colleagues to support this critical piece of legislation.
  Colorectal cancer affects far too many Americans. The rate of colon 
cancer deaths is shocking--taking the lives of over 50,000 people this 
year alone, according to the American Cancer Society.
  Fortunately, colorectal cancer is highly preventable with screening, 
and colon cancer screening tests rank among the most effective 
preventive screenings available. A recent study in the New England 
Journal of Medicine found that removal of precancerous polyps during a 
screening colonoscopy may reduce colon cancer deaths by over 50 
percent. Early detection and intervention are key to preventing colon 
cancer. Colonoscopy screenings are different from other types of 
preventive or screening services because pre-cancerous polyps found 
during a screening are removed during the same visit, thus preventing a 
potential cancer from developing and helping to ensure detection, 
intervention, and prevention.
  Congress recognized the value of colon cancer screenings and, through 
bipartisan legislation that I authored in 1998, established a Medicate 
benefit for screening. The problem is that only half of individuals 
coveted by the Medicare program receive a screening colonoscopy, even 
though a Medicate

[[Page S1954]]

colorectal cancer screening benefit is available. According to the 
Centers for Medicare & Medicaid Services, CMS, Medicare claims show 
that only 52 percent of beneficiaries have had a colorectal cancer 
screening test. Many barriers account for this, including patient 
education on screenings and operational issues within the Medicare 
program, but colorectal cancer has become too widespread and we have 
reached the time to take action to promote prevention and save lives. 
Ensuring that individuals receive colorectal cancer screening tests is 
critical to this goal.
  In addition, detection and intervention through proper colonoscopy 
screening should reduce costs to the Medicare program and health care 
system overall. Once colon cancer develops, the direct costs of 
treating colon cancer are starting--reaching $4 billion in 2010. A 
recent study published in the New England Journal of Medicine concluded 
that colorectal cancer screening has been shown to reduce Medicare 
long-term costs.
  Congress must help promote access to colorectal cancer screenings and 
help increase the number of persons receiving these life-saving 
screening tests. The SCREEN Act takes many steps to increase the rate 
of colorectal cancer screenings and help prevent colon cancer, while 
also reducing Medicare costs.
  The SCREEN Act first waives cost sharing for Medicare beneficiaries 
receiving colorectal cancer screenings where precancerous polyps are 
removed during the visit. Currently, Medicare waives cost-sharing for 
any colorectal cancer screening recommended by the U.S. Preventive 
Services Task Force, USPSTF. Colorectal cancer screens have a grade 
``A'' recommendation by USPSTF. However, if the doctor finds and 
removes a precancerous polyp during the visit, the procedure is no 
longer considered a ``screening'' for Medicare purposes--and the 
beneficiary would be forced to pay the Medicare coinsurance. In 
February 2013, the Administration announced that private insurers 
participating in State-based health insurance exchanges must waive all 
cost sharing for colon cancers screenings where a polyp is removed. 
This bill promotes a similar policy by waiving Medicare cost sharing 
for diagnostic and screening colorectal cancer tests.
  Additionally, the SCREEN Act extends Medicare coverage to include an 
office visit or consultation so that a Medicare beneficiary may sit 
down and discuss the screening with a doctor prior to the colonoscopy 
procedures. One of the major barriers to increasing colorectal cancer 
screening rates is a patient's lack of knowledge and the ``fear of the 
procedure.'' This pre-procedure visit is not only good clinical 
practice but also would help increase patient utilization of colorectal 
cancer screening. This visit allows the individual to ask questions 
about the procedure, assures selection of the proper screening test, 
and increases beneficiary education and test preparation. There is no 
reason for a Medicare beneficiary to be seeing his or her physician for 
the first time only just before being sedated for the procedure.
  The SCREEN Act also provides incentives for Medicare providers to 
participate in nationally recognized quality improvement registries so 
that our Medicare beneficiaries are receiving the quality screening 
they deserve. Congress and other organizations can look to the SCREEN 
Act as a model for Medicare reimbursement reform as the bill reimburses 
providers in a budget neutral manner based on the quality of the 
procedure and not volume of services.
  Promoting access to colorectal cancer screening will help ensure 
detection and intervention of this highly preventable disease and 
reduce costs to the health care system. I ask my colleagues to join in 
support of this fight to end colorectal cancer by cosponsoring this 
important legislation.
                                 ______
                                 
      By Mr. DURBIN (for himself and Mrs. Gillibrand):
  S. 612. A bill to require the Secretary of Health and Human Services 
to remove social security account numbers from Medicare identification 
cards and communications provided to Medicare beneficiaries in order to 
protect Medicare beneficiaries from identity theft; to the Committee on 
Finance.
  Mr. DURBIN. Mr. President, today I join my colleague, Senator Kirsten 
Gillibrand, to introduce the Social Security Number Protection Act of 
2013, a bill that would remove Social Security numbers from Medicare 
cards to address a leading cause of identity theft among our Nation's 
seniors.
  It is estimated that 11.6 million Americans were victims of identity 
theft in 2011, up from 10.2 million in 2010. We know that the misuse of 
Social Security numbers is one of the primary drivers of this crime. In 
many of these cases, identity thieves obtain them from Medicare cards.
  Today, over 49 million beneficiaries carry their Medicare cards with 
them in their purses and in their wallets. These cards display a 
Medicare identification number, which consists of their Social Security 
number with a one- or two-digit code at the end, leaving beneficiaries 
particularly vulnerable to identity theft should a card be lost, 
stolen, or left in plain sight.
  With identity theft on the rise, we can't make it this easy for 
thieves. Unfortunately, the Centers for Medicare and Medicaid Service, 
CMS, has fallen behind many other public and private organizations in 
better protecting seniors from identity theft by continuing to display 
Social Security numbers on Medicare cards. The Department of Defense, 
the Veterans Administration, and private insurers have all figured out 
how to transition to individual identification cards that don't include 
Social Security numbers.
  In 2005, I offered an amendment to the Fiscal Year 2006 Labor-HHS-
Education appropriations bill to require CMS to remove Social Security 
numbers from Medicare cards. Although my amendment was adopted with a 
rollcall vote of 98 to 0, the final bill directed CMS to report to 
Congress on the steps necessary to remove the numbers. CMS provided 
that report in October 2006.
  Six and a half years have passed since CMS first explored taking 
steps to remove Social Security numbers from Medicare cards. The 
Inspector General of the Social Security Administration took CMS to 
task in 2008 for its inaction and confirmed the risk that display of 
the numbers on Medicare cards poses to seniors. The Social Security 
inspector concluded that ``immediate action is needed to address this 
significant vulnerability.'' CMS has since issued another report, but 
it has failed to take action.
  The Social Security Number Protection Act of 2013 establishes a 
reasonable timetable--3 years--for CMS to begin removing Social 
Security numbers from Medicare cards. It also gives CMS flexibility in 
determining the method by which it makes this change, enabling it to 
pursue an option that minimizes burdens while maximizing cost 
effectiveness. The bill also prohibits CMS from displaying Social 
Security numbers on all written and electronic communications to 
Medicare beneficiaries.
  I urge my colleagues to cosponsor this important legislation and work 
with me to advance this long overdue change. CMS already requires that 
beneficiaries receiving benefits through Medicare Part C and Part D do 
not display individuals' Social Security numbers. Further, it has 6 
years' worth of reports and cost data that it can use as tools to make 
these changes happen. We should extend this protection to all 
beneficiaries and help safeguard our Nation's seniors from becoming 
victims of identity theft in the future as quickly as possible.
  Mr. President, I ask unanimous consent that the text of the bill be 
printed in the Record.
  There being no objection, the material was ordered to be printed in 
the Record, as follows:

                                 S. 612

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Social Security Number 
     Protection Act of 2011''.

     SEC. 2. REQUIRING THE SECRETARY OF HEALTH AND HUMAN SERVICES 
                   TO PROHIBIT THE DISPLAY OF SOCIAL SECURITY 
                   ACCOUNT NUMBERS ON MEDICARE IDENTIFICATION 
                   CARDS AND COMMUNICATIONS PROVIDED TO MEDICARE 
                   BENEFICIARIES.

       (a) In General.--Not later than 3 years after the date of 
     the enactment of this Act, the Secretary of Health and Human 
     Services shall establish and begin to implement procedures to 
     eliminate the unnecessary collection, use, and display of 
     social security account numbers of Medicare beneficiaries.

[[Page S1955]]

       (b) Medicare Cards and Communications Provided to 
     Beneficiaries.--
       (1) Cards.--
       (A) New cards.--Not later than 3 years after the date of 
     the enactment of this Act, the Secretary of Health and Human 
     Services shall ensure that each newly issued Medicare 
     identification card meets the requirements described in 
     subparagraph (C).
       (B) Replacement of existing cards.--Not later than 5 years 
     after the date of the enactment of this Act, the Secretary of 
     Health and Human Services shall ensure that all Medicare 
     beneficiaries have been issued a Medicare identification card 
     that meets the requirements of subparagraph (C).
       (C) Requirements.--The requirements described in this 
     subparagraph are, with respect to a Medicare identification 
     card, that the card does not display or electronically store 
     (in an unencrypted format) a Medicare beneficiary's social 
     security account number.
       (2) Communications provided to beneficiaries.--Not later 
     than 3 years after the date of the enactment of this Act, the 
     Secretary of Health and Human Services shall prohibit the 
     display of a Medicare beneficiary's social security account 
     number on written or electronic communication provided to the 
     beneficiary unless the Secretary determines that inclusion of 
     social security account numbers on such communications is 
     essential for the operation of the Medicare program.
       (c) Medicare Beneficiary Defined.--In this section, the 
     term ``Medicare beneficiary'' means an individual who is 
     entitled to, or enrolled for, benefits under part A of title 
     XVIII of the Social Security Act or enrolled under part B of 
     such title.
       (d) Conforming Reference in the Social Security Act.--
     Section 205(c)(2)(C) of the Social Security Act (42 U.S.C. 
     405(c)(2)(C)) is amended by adding at the end the following 
     new clause:
       ``(xii) For provisions relating to requiring the Secretary 
     of Health and Human Services to prohibit the display of 
     social security account numbers on Medicare identification 
     cards and communications provided to Medicare beneficiaries, 
     see section 2 of the Social Security Number Protection Act of 
     2011.''.
       (e) Authorization of Appropriations.--There are authorized 
     to be appropriated such sums as may be necessary to carry out 
     this section.

                          ____________________