One good approach I read somewhere, is to put the last 4 digit of SSN in the original file and use a secondary file joined by primary unique key, to hold the encrypted fields.
Here is also a problem I have seen. The SSN# being the primary unique key of the file and used to link other tables. Time to redesign your database. But you can make it work by using a one way encryption scheme. That is where the data is also the key. You enter on to the screen the SSN#, (By the way it can be any data not necessarily a SSN#), Encrypt it before performing the DB lookup, and use the encrypted data as the key. The data cannot be decrypted, easily, but you can still retrieve the record if you already know the SSN# in this example.