our medical records probably bear different numbers — one for your primary care physician and his or her medical group, one for each hospital you’ve been treated in, different ones for different specialists. This can make it difficult to retrieve your medical information.
A common way to match and collect health records is by using a person’s name and birthdate. But consider this: In a health database of 3.5 million Houston-area residents, about 70,000 share the same first name, last name, and birthdate.
When the Health Insurance Portability and Accountability Act was signed into law in 1996, it called for creating “a standard unique health identifier for each individual” to make it easier to link a person with all of his or her health information, no matter where it was stored. In 1998, Congress eliminated that requirement and even prohibited the use of federal funds to develop a unique identifier.
Twenty years later, the issue is still very much alive. STAT asked experts to offer their perspectives on why the United States should, or should not, create a unique health identifier for each of us.
Tommy G. Thompson: Test identifier to fight medical fraud
Michael D. Greenberg: Unique identifier could protect privacy
Adrian Gropper: Identifier adds nothing beyond “coercive surveillance”
Douglas Fridsma: Make the conversation about patient benefits
Twila Brase: Block the identifier, block national health care
Stephen Smith: Unique identifiers work in the UK
By Tommy G. Thompson: The use of unique patient identifiers could be an important step toward accurately bringing together an individual’s health and medical information and delivering it as needed to his or her doctors, but only if certain conditions are met. The identifier must be unique for each individual. It must be completely confidential. It must be secure in cyberspace. The patient — and only the patient — can determine who can access the information. And the identifier cannot be shared without the individual’s permission.
There’s no question that difficulty sharing medical information — a doctor or hospital can’t access important records due to misidentification, or gets the wrong records — is a problem. An even bigger problem we are facing today is the explosion of fraud in the health care system. Since 2009, data breaks have exposed the health information of more than 150 million Americans. By one estimate, fraud adds nearly $100 billion a year to the cost of Medicare and Medicaid.
It would be a worthwhile venture to determine if the use of carefully implemented unique patient identifiers could help combat this epidemic of fraud and provide safer and more secure access to our health information.
Tommy G. Thompson was secretary of the Department of Health and Human Services from 2001 to 2005. He is now chairman of HealthcarePays in Powhatan, Va.
By Michael D. Greenberg: Giving every American a unique patient identifier could reduce errors in retrieving their medical records while improving data sharing and security. A national identifier could also help protect patient privacy, or at least not further erode it. Those are key conclusions from “Identity Crisis,” a RAND study I coauthored several years ago.
During the late 1990s, policies blocking a unique patient identifier may have been one way to slow the development of a Nationwide Health Information Network. But even without unique patient identifiers, such a network has largely been cobbled together. It is already exchanging patient records by using common identifiers such as names, birthdates, and Social Security numbers.
There are technical drawbacks to this patchwork approach for matching records. On the clinical side, there’s the issue of failing to retrieve needed records or getting the wrong ones. On the privacy side, there are problems with using names and Social Security numbers because these identifiers are inherently vulnerable and are tied to other sensitive records unrelated to health care.
Given that the Nationwide Health Information Network is becoming a reality, efforts to block a national unique patient identifier may now be self-sabotaging. Instead, other privacy-enhancing policies need to be emphasized, such as strengthening the architectural features of health information networks, as well as the regulatory standards for safeguarding records within the networks. Far from imperiling privacy, a careful unique patient identifier scheme might serve to enhance privacy instead.
One takeaway lesson of the RAND study is fundamental tradeoffs likely exist. We want to optimize the privacy and security of health information and make record matching as close to perfect as is practical. Instead of stifling the policy debate about unique patient identifier numbers, we need to reopen that conversation to find the best approach for reconciling these two basic goals.
Michael G. Greenberg, JD, PhD, is a senior behavioral scientist for the RAND Corporation and director of the RAND Center for Corporate Ethics and Governance.
By Adrian Gropper: Implementing a unique patient identifier would add nothing to our health care system beyond coercive surveillance. It would collect information about us without our consent or even our knowledge, much as the National Security Agency has been doing with telephone records.
Patients are just people. Why bother with a number when scanning the iris of the eye is arguably a perfect way to identify each of us. The technology for doing this is becoming almost as inexpensive as that needed to read a credit card. It’s not a stretch to imagine iris scanners appearing in doctors’ offices, hospitals, ambulances, and the like to match individuals with their health records.
That might be efficient, but it isn’t voluntary and offers us no say about what information is matched and who has access to it, nor does it offer any transparency into the process.
There are other ways to accurately match individuals with information about them. The Internal Revenue Service, for example, is quite good at matching people with their financial information by asking for their name, date of birth, and Social Security number the first time they register at a bank or employer. For health, we could ask individuals to supply their name and an email address, cellphone number, or other familiar unique identifier. Then, whenever an entity wants to access an individual’s data, be it a physician, lab, pharmacy, insurer, or someone else, a notification would automatically be sent to the person by email or text asking if that’s what they intended. This kind of familiar opt-in system gives the individual control over his or her data and the ability to see who is looking at it.
Access to our health information is a first-order privacy issue. Most of the matching and access is done for purposes that don’t benefit the patient. Some access is done for risk adjustment, some for marketing services, and some for setting prices while effectively keeping cost and quality in medicine a secret. Take a look at TheDataMap, developed by Latanya Sweeney of Harvard University’s Data Privacy Lab, to see the types of organizations that routinely tap into our health information.
Americans need a health care system that encourages trust in our doctors, labs, pharmacies, hospitals, and more. You don’t build trust in a system by introducing involuntary and coercive practices like a unique patient identifier just because they are efficient.
Adrian Gropper, MD, is chief technology officer for Patient Privacy Rights.
By Douglas Fridsma: People care — a lot — about the privacy of their medical information. They would like to be able to control who sees it. They also want their medical information to be immediately available when needed. They want it to follow them as they move and age. They’d rather not have to fill in the same information over and over again. And they don’t want to worry that their information will be mixed up with someone else’s.
Giving every American a unique patient ID could help address all of those issues.
The conversation about unique patient identifiers has often focused on their value for the health care system. What’s been missing is the tremendous value they offer each of us.
Unfortunately, rather than focusing on the benefits that a unique identifier would offer all patients — benefits that should rightfully be theirs — we have tended to focus on a technology solution that has been overshadowed by concerns for privacy and fears that our medical information will be exposed to someone other than our health care providers.
Looking at the unique patient identifier as one way to help make us first-order participants in our care rather than observers of the care we receive could help restart a productive discussion on this issue.
Douglas Fridsma, MD, PhD, is president and CEO of the American Medical Informatics Association.
By Twila Brase: The Citizens’ Council for Health Freedom opposes the creation of a unique patient identifier, which I call a national patient ID. The most important reason is our opposition to building a national health care system. Without a national identification card for patients, it would be difficult to nationalize health care.
There are other reasons a national patient ID is a bad idea. Patients should be able to get fresh second or third opinions. With a national patient ID, and a nationwide network of electronic health records, clinicians would be able to see the opinions, diagnoses, and treatments of whoever generated the first opinion, which can bias their thinking.
A national health care system is the antithesis of freedom. We believe it would lead to rationing of care, which would destroy medical ethics and patients’ trust in their physicians. Fighting the development of a national patient ID is a key strategy in our battle against national health care.
Twila Brase, RN, is cofounder and president of Citizens’ Council for Health Freedom.
By Stephen Smith: The United Kingdom’s National Health Service introduced the NHS Number in 1996 to replace a variety of previous conventions and formats. It is now the only national unique single data item used to identify and connect an individual with his or her health records. Anyone receiving NHS-commissioned services in England is allocated an NHS Number. It is used across all NHS organizations. Assigning an NHS Number to a baby at birth enables the creation and maintenance of his or her health care record for life.
The number allows clinicians to accurately pass information about patients to other health and care providers. It helps avoid the patient being mistaken for another person or having his or her information being recorded in another person’s file. The NHS number helps simplify sending hospital discharge summaries to a patient’s general practitioner, making referrals, linking pathology and other reports to an individual’s records, and delivering prescriptions to pharmacists.
The introduction of the NHS Number has been generally supported. It’s acceptance was helped by the fact that the number itself does not carry any information about a person, nor does it link directly to other government identifiers, which helps mitigate potential concerns about privacy.
The issues and challenges that have arisen have been more about practicalities due to the scale of the change and impact on processes and information technology systems throughout the NHS. Policies and regulation have consistently stimulated and enforced the requirement for organizations to use the NHS number.
Stephen Smith is program head for demographics at the Health and Social Care Information Centre, which provides data and information technology systems for the United Kingdom’s National Health Service.