Linda Berkley of Braddock was playing with her granddaughter Saturday evening when the infant grabbed the identification bracelet Mrs. Berkley had received earlier in the day at the UPMC Braddock emergency room.

As she pulled her arm away, Mrs. Berkley glanced at the bracelet and was horrified by what she saw -- her full name, her full Social Security number, her birth date and her insurance policy number.

"If my granddaughter hadn't been playing with it, I would have just clipped it off and thrown it away," she said.

In an age when identity theft stories play out regularly on the nightly news, Mrs. Berkley said she was "shocked" that the hospital would put such sensitive personal information on ID bracelets. She said the information also was included in her discharge papers.

"Some person who's older, someone could take their identity and they won't know about it until it's too late and then someone runs up a whole bunch of bills on them," she said.

That point was driven home for her the following day, when Mrs. Berkley took her 84-year-old mother to UPMC Braddock and her mother's personal information was put on her ID bracelet.

At one point, while her mother was dozing, a staff member came in and checked the bracelet before taking a blood sample, Mrs. Berkley said.

"If I hadn't been there," she said, "they could have taken all my mother's personal information off that bracelet and she wouldn't have known it."

John Houston, UPMC vice president for privacy and information security, said the medical center issues new medical record numbers for new patients, but it still uses Social Security numbers for those already in the system, unless the patient requests a new number. Processing those requests can take several days.

"We are actively looking at methods to reduce our use of the SSN [Social Security number] as the MRN [medical record number], as well as to reduce the 'display' of the MRN on such items as the wristband," Mr. Houston said in an e-mail statement.

UPMC could not provide immediate information about how many people treated at UPMC hospitals still have their Social Security numbers functioning as their medical record numbers.

Before identity theft became a concern, using Social Security numbers to identify patients had natural appeal for hospitals -- everyone had a unique number, most people had their number memorized and the hospital needed to include Social Security numbers on federal reporting forms anyway.

But in the digital age, sensitive information can be disseminated quickly. Last year, UPMC patient information, including Social Security numbers, medical charts, X-rays and medications, was attached by mistake to a UPMC Web site, available for anyone to see.

Even after hospital officials took the site down, the information could still be found on an archival Web site not affiliated with UPMC. Security experts said there is no way to know if others had downloaded the information, too.

Mrs. Berkley wonders, given UPMC's recognition that Social Security numbers could be a problem for new patients, why the hospital would still use them for other patients.

"Where is your privacy and how can you protect yourself and still get care without them putting all your information out there for anyone, including staff, to see it?" she asked.