- We all have social security numbers, driver’s license numbers, and financial identification numbers that help standardize many of our most vital interactions and trace our activities back to a single, authorized source. We even use our email addresses, Facebook accounts, and Twitter handles to establish our identities in the virtual world, and most of those use passwords that aren’t anywhere near as secure as we think. So why don’t we have a national patient identification (NPI) number that ties us to the most important aspect of our lives: our health?
Meg Aranow, Principal at Aranow Consulting, LLC, thinks we should. Writing as a guest on Life as a Healthcare CIO, a popular blog by Dr. John Halamka, Aranow feels that the privacy risks are outweighed by the rewards of a single ID number to unify clinical records, especially as more and more providers join health information exchanges and EHR information is shuttled back and forth across disparate systems.
“A patient identifier, separate and distinct from the social security number, and used as one factor in multi-factor authentication at the point of registration for services would assist in the accurate identification of patients at the point of care,” she writes. “The persistent use of the patient identifier in the private and public HIEs will streamline and make more accurate efforts to share data among collaborating clinicians and public health entities.”
Aranow is not alone in believing that now is the time to set up a cohesive method of identifying patient records. In September, 2012, HIMSS weighed in on the issue, advocating for an NPI to facilitate information exchange and help make meaningful use truly meaningful. “Mismatches, which already occur at a significant rate within individual institutions and systems will significantly increase when entities communicate among each other via HIE —a Meaningful Use Stage 2 requirement — that may be using different systems, different matching algorithms, and different data dictionaries. The multitude of different solutions and the lack of a national coordinated approach pose major challenges for our health information infrastructure and result in millions of dollars of unnecessary costs,” they concluded.
Most HIEs, including statewide initiatives, already face issues when trying to patch together patient IDs from multiple providers. Maine’s HealthInfoNet, for example, uses a third party software package that maps patient records on top of each other, hopefully matching the correct person with the correct information. “It uses an algorithm using first and last name, date of birth, address, SSN, and then medical record number from the actual facility, and it has to be a confident enough match for it automatically merge those records,” explains Amy Landry. “If it’s not a confident match, it will kick it out. We have someone here who reaches out to the facility and tries to work with that to make sure that we’re not merging patients who shouldn’t be merged, or leaving them separate if they shouldn’t be separate.”
But an NPI would eliminate the time, expense, and inherent potential for errors of the cumbersome process. As advanced as the underlying mathematics are, the entire system can be thrown off by a typo or a very common surname. “Clinically misidentified patients…have a heightened risk for inappropriate and potentially dangerous care provision,” Aranow argues. “This potential has always existed within our institutions, but the prevalence increases as our collaborative models are extended. When clinic records are shared with the collaborating specialty clinic, and then shared with hospital and then the post-acute facilities, we increase both the opportunity to deliver great care, and the risk of misidentification occurring somewhere in the chain.”
With some reasonable security precautions to guard against data theft and strict adherence to HIPAA rules, an NPI could be the key to making HIE really worthwhile and easily attainable by organizations that don’t have the funding for expensive patient mapping infrastructures. “Making more money available for preventative measures rather than paying for the penalties and remedies for the lapses seems like a worthy paradigm shift,” says Aranow.
“Strong, reasonably funded security and privacy requirements with repercussions for mistakes and abuse may be the path to finding the new balance of risk and benefit for a collaborative medical system based on a national patient identifier.”