I'd suggest you explore the feasibility of doing an Exact Data Match (EDM) profile for this type of matching. That said, Date-of-Birth is going to be an issue regardless of how you try to detect on it.
If I understand enough based on the information you give, I'd imagine you could build two EDMs.
(1) Member Data - include Member Last Name, Member ID, Member SSN, and Member HICN.
(2) Claims Data - include Member Last Name, Member ID, and Claim #.
Then, rather than using just the data identifiers for SSN in conjunction with those keywords included in the out-of-the-box HIPAA rule, use your EDM profiles to look for the member name and any one of those other elements.
Your detection accuracy will then be close to 100% (based on the data that you have indexed in those EDMs), and your match counts will reflect the true number of unique matches, which will help you separate the cases where a single claim form is sent, for example, from ones where this data is being sent in bulk. That allows you to do much more with regard to automated incident remediation (i.e. blocking) with a higher confidence.
It may take some convincing across several levels to allow you to even access this data for the purpose of building the EDM. I'd suggest, if that's the case, that you prototype this in your environment and show the results, which will usually go very far with regard to convincing folks of the merit of this approach.
Hope that helps!
Regards,
~Keith
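
The matching rule described in the post above (member last name plus any one other indexed element, counted per unique record), as an added Python sketch that is not part of the original post and is not the DLP product's own implementation. The records, the HMAC key, the tokenizer and the bulk threshold are all constructed assumptions, and requiring both values to come from the same source row is how this sketch is built.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: keyed hashes, so the index holds no cleartext

# Constructed sample rows for the "Member Data" profile (9xx SSNs are never issued).
MEMBERS = [
    {"last": "Alvarez", "id": "M100234", "ssn": "900-12-3456", "hicn": "900123456A"},
    {"last": "Brandt", "id": "M100877", "ssn": "900-65-4321", "hicn": "900654321B"},
    {"last": "Chen", "id": "M101502", "ssn": "900-77-1111", "hicn": "900771111A"},
]

def _h(value):
    """Normalize (lowercase, strip punctuation) and hash one cell or token."""
    norm = re.sub(r"[^a-z0-9]", "", value.lower())
    return hmac.new(KEY, norm.encode(), hashlib.sha256).hexdigest()

def build_index(rows, name_field, other_fields):
    """One entry per source row: (hash of last name, set of hashes of the other fields)."""
    return [(_h(r[name_field]), {_h(r[f]) for f in other_fields if r.get(f)})
            for r in rows]

def count_matches(index, text):
    """Number of unique rows whose last name AND at least one other field appear in text."""
    tokens = {_h(t) for t in re.findall(r"[A-Za-z0-9][A-Za-z0-9-]*", text)}
    return sum(1 for name, others in index if name in tokens and others & tokens)

def classify(index, text, bulk_threshold=3):
    """Hypothetical severity split: one claim form versus a bulk extract."""
    n = count_matches(index, text)
    return "none" if n == 0 else ("bulk" if n >= bulk_threshold else "single")

INDEX = build_index(MEMBERS, "last", ["id", "ssn", "hicn"])

if __name__ == "__main__":
    samples = [
        "Claim form attached for member Alvarez, ID M100234.",
        "Alvarez 900-12-3456\nBrandt M100877\nChen 900771111A",
        "Alvarez called about billing; SSN on file ends 3456.",
        "Please update SSN 900-65-4321 for Alvarez.",  # name and SSN from different rows
    ]
    for s in samples:
        print(classify(INDEX, s), count_matches(INDEX, s))
```

The last two samples score zero: a name alone, or a name paired with another member's SSN, does not count as a record match in this sketch.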