I'm not arguing with that at all! I'm saying that the fact that they aren't hasn't actually stopped anyone from using them that way.
When this assumption is violated, a psuedo-identifier is assigned. I have worked with multiple systems that work this way and it is the norm in finance and was the norm in higher education until relatively recently. State government information systems also use SSN as primary identifier surprisingly often, and in the system I've worked most closely with reused SSNs were resolved by just deleting the old record.
You could say that SSNs are the perfect storm - they aren't unique, but they're pretty close to unique, and this allows you to rely on SSNs as an identifier for long enough that when you run into a problem you're too dug in and so you find a workaround. For example, assign non-citizens "SSNs" with prefixes not used by SSA---this was the norm in higher ed, and many institutions "eliminated" the use of SSNs by just handling all students as international.
The IRS, of all organizations, uses SSN as a primary means of identifying individuals. They absolutely run into all kinds of problems with this that must be resolved by using other information as well but that doesn't stop them because it's just too convenient. Many such defects in use of SSNs are resolved by assigning an ITIN, which is just a pseudo-SSN with first digit '9' which is not in use by SSA. Even EINs have the same digit length as SSNs, suggesting that they're handled as SSNs by some systems.
Or consider this similar situation: name and DOB are not unique, but this doesn't stop them being near universally used as primary identifier in healthcare information systems. Actually healthcare widely used SSN before HIPPA mandated a change.
I've worked with several large healthcare organizations in a consulting capacity. You would be laughed out of a room for suggesting SSN or name and birthday as the primary identifier for an individual. All used an internal patient ID.
Some had processes that would use an SSN or name and birthday as inputs to an identification procedure. These procedures would invariably include additional steps.
It's perfectly reasonable to ask someone their name and birthday. You can easily use these as search keys to be presented with a list of options. Then, you can select the appropriate record from that list. Sometimes you might need additional information to determine the correct record. If so, you ask the patient.
Each organization also had many reconciliation processes to resolve misidentified patients.
All this to say, they were explicitly not using SSN to identify patients. Sometimes they are put in situations where this is the primary identifying datum for a record, and this is an (unfortunately common) exceptional situation to be resolved.
The allocation of a PRN to identify patients is an explicit requirement of HIPPA which was introduced in response to the exact problems you discuss, which were common prior to the change.
