March 24 , 2008
Voluntary Patient Identifiers
By Elizabeth S. Roop
Vol. 9 No. 6 P. 24
Editor’s Note: One sticking point of any nationwide digital health information system would be some sort of unique patient identifier. PACS and RIS data are increasingly integrating with other healthcare information systems on the enterprise level and slowly moving toward regional and national data exchange. That makes the patient identifier issue a worthwhile addition to our series on interesting technology issues outside of radiology that may affect your future in healthcare.
When most healthcare IT (HIT) experts are queried about the implementation timeline for a voluntary national patient identifier system, the typical response is that it will take years.
When the question is posed to Barry R. Hieb, MD, a research director with the Gartner group, a member of the American Society for Testing and Materials (ASTM) medical informatics standards group, and an authority on the patient identifier process, the answer is that it will happen by the end of this year.
Hieb, who authored one of the first standards on a national patient identifier nearly 15 years ago, has financed and is working with several business collaborators on the Voluntary Universal Healthcare Identifier (VUHID) Project. VUHID, which arose from ASTM medical standards organization E 31, will make unique identifiers available at no cost to any individual who wants one. The infrastructure is in the final stages of development, and Hieb expects pilot testing to begin by year’s end. The system was unveiled during the Healthcare Information and Management Systems Society annual meeting last month in Orlando.
VUHID was made possible by the elimination of several key obstacles that had blocked the development of a national patient identifier by private or public sector organizations. Among the most significant were the absence of a legislative impetus to create such a system and the lack of available technology. Privacy issues also dogged the concept, as did an estimated $1 billion price tag.
However, in recent years, two fundamental changes took place that paved the way for the creation of a patient identifier by the private sector. The first was the introduction of the “voluntary” concept. The second was the federal government’s call for a national health information network (NHIN).
“Those two changes opened up everything. We believe we now have nothing that will prevent us from implementing this system,” says Hieb, who notes that technological advances have enabled them to develop VUHID for a fraction of original cost estimates.
Another key was the ASTM’s creation of a second set of patient identifier standards, which serves as an implementation guide. “That was where things came together in a way that made us realize something remarkable was happening,” says Hieb.
A Long Trip to Nowhere
HIPAA included adopting standards for issuing a unique health identifier, but the movement has made little progress since the law was passed in 1996. By 1998, a lack of consensus and ongoing controversy resulted in Congress prohibiting Health and Human Services from using any budget money to promulgate or adopt final standards that would result in a voluntary or involuntary unique health identifier—a dictate that remains in effect today.
“At the end of the day, it is a social question for which there is no absolute truth. It is society debating trade-offs,” says John Glaser, PhD, vice president and chief information officer (CIO) of Partners Healthcare System in Boston and the College of Health Information Management Executives’ (CHIME) senior advisor for national HIT adoption. “It is a complicated political discussion, and it belongs in the political arena. Congress looked at it and, rightfully so, said there are a lot of issues.”
Although the funding ban has all but stopped any progress on implementing a unique identification system in the public sector, it has not put the brakes on the debate about it or prevented the industry from investigating ways to bring it to fruition.
Momentum has increased in recent years as IT adoption and the establishment of health information exchanges (HIEs) and regional health information organizations (RHIOs) have shone a spotlight on the depths of the problems within the current system. The most troublesome is an error rate in matching patients to records caused by incomplete, inaccurate, or incorrectly linked data that many believe is unacceptably high.
Unfortunately, proposed solutions such as biometrics have done little to cool the raging debate over the idea of a government-mandated identification program. At the same time, the HIT industry is vocal about the fact that without some sort of identifier in place, the NHIN goals may never be achieved.
A unique identifier, even a voluntary one, is “a political third rail to discuss,” says Tom Doyle, vice president and chief architect with the Hospital Corporation of America and a member of the National Alliance for Health Information Technology (NAHIT) Alliance Technology Leadership Committee Advisory Group. However, without something, the time and money going into development of the NHIN will be at risk.
“Doctors won’t want to use it because the data is incomplete and inaccurate, and patients won’t want to use it because of the inaccurate information. There are a lot of things to discuss here, but the important thing is to understand that if we don’t do something, there is going to be a certain percentage of error introduced,” he adds.
In December, the NAHIT issued “Safety in Numbers: Resolving Shortcomings in Matching of Patients With Their Electronic Records,” a position paper that emphasized, among other things, the need to adopt a voluntary and flexible system of unique identifiers that are assigned as the patient’s option.
The NAHIT’s stance is that a voluntary, consumer-oriented approach will benefit patients while gradually narrowing the margin of error created by the current statistical approach used to determine whether a medical record matches the patient. Although there are no hard data, the confidence rates typically cited fall within the 90% to 99% range.
For example, Doyle points to two categories of patients who have a particularly high risk of mismatched records: women due to name changes and ethnic minorities due to a high occurrence of similar names.
The NAHIT’s position paper states that the probabilistic matching process that reduced the inaccuracies caused by attempts to link patient information within disparate systems, while an improvement still does not do enough.
And the organization is not alone in its concerns. “Today’s healthcare system in the U.S. is not a system. It is islands of data that are completely disconnected. Therefore, we are spending, on average, 15% of healthcare dollars on redundancy and waste,” says John D. Halamka, MD, chair of the Healthcare Information Technology Standards Panel (HITSP) and CIO of Harvard Medical School. “It is broken because it is causing harm and wasting money because we can’t link together patient records with success. Currently, we have the technology to link together [those records]. It does pretty well, but it’s not perfect. There are going to be at least 1% of records linked that are just not right.”
NHIN Opens the Door
While the NHIN has brought to light many problems that the current healthcare system faces in accurately matching patient records, Hieb says that it has also opened the door for the development of a voluntary system such as the VUHID by laying the framework for the secure creation of a unique identifier that can be controlled by the patient.
To obtain an identifier through the VUHID, a patient will submit the request to his or her physician, who will gather the appropriate information to validate the individual’s identity. The request is then submitted by the provider to the local electronic master patient index (EMPI) system, which is used by RHIOs and HIEs to crossmap patients’ identities with their records from the various healthcare organizations participating in the exchange.
Once the EMPI validates the patient’s identification, it sends a secure request to the VUHID for an identifier. The VUHID generates the identifier and returns it to the EMPI with the appropriate time and date stamps and activation notification.
“That’s all [the VUHID] knows. It doesn’t know who that person is, what kind of clinical information is attached, and so forth,” says Hieb. “The EMPI gets the identifier back, creates the linkages, and then sends the identifier back to the doctor’s office. The entire process should take one minute.”
Patients receive the identifier in the form of a bar code, which they can then take to any hospital, clinic, or physician’s office participating in the local exchange. The receiving facility simply scans the bar code, and the EMPI can facilitate the location of any appropriate medical data.
This eliminates the need for the patient to fill out duplicate forms and the need to rely on memory for items such as medication histories and care dates. “All of that is now coming from the record location capabilities of the HIE,” says Hieb.
For providers not linked to the HIE, patients can request paper copies of the records to enter into their personal health record or provide them to the hospital or clinic to be entered as part of their official record and then linked to their identifier.
“The patient will have a significant amount of control, but the ideal situation is that the doctor’s office will electronically link up to the RHIO or HIE,” Hieb says. “This will be a little nudge for these RHIOs to get going because now the patient can go anywhere inside the RHIO, and that information will follow them.”
If care is required outside of a patient’s community, the attending provider can scan the bar code and submit the request for information to their local EMPI. That request then goes to the VUHID, which submits the identifier-based request to the full EMPI network with the electronic address to which the information should be delivered.
In this scenario, the patient’s local EMPI consults its local policies and determines what data it can send before fulfilling the request. In this method, Hieb says that the VUHID never sees the patient information because it never crosses the server.
“We are doing it this way because we can go to the privacy advocates, who are on track when they say we shouldn’t have a national database, and prove to them that there is nothing at the VUHID facilities. It knows about the identifiers and that’s all. That’s the key,” he says.
In addition to open identifiers, the VUHID will also issue private identifiers used to link sensitive data such as psychiatric care separately from the rest of the medical record. The patient can control who has access to that information by giving them the private identifier bar code.
Patients who lose their identifier but are comfortable that it has not been compromised can contact one of their providers and request a replacement. If there is concern that the identifier has been compromised, they can request that it be retired and a new one issued. A message is also sent to all participating EMPIs that the identifier has been deactivated and should not be used.
Hieb says that the VUHID does three things to resolve the problems within the current system. First, it solves the logistical problems of linking records from multiple providers by working through EMPIs. Second, because the patient’s identity is known with mathematical precision, comprehensive medical records can be securely shared across providers.
“The third major area we are really fixing in a big way is privacy,” he says. “We’re reducing the potential for identity theft, and we’re giving private identifiers so you, as the patient, can make a decision on release of sensitive information.”
Because it is a voluntary system, Hieb says it will take time and education to achieve the critical mass necessary to show the expected significant benefits on the accuracy of health data.
“We are one step forward. We haven’t solved the problem, but now we have a mechanism to do so,” he says.
Others are not as convinced that a voluntary system can make a significant impact on the error rate, largely due to the length of time it will take to achieve a critical mass of linked records. “You would have to get participation that was very high,” says Glaser. “It’s one of those things that you’d have to get pretty far along before you get the true operational or clinical value.”
There are also issues concerning retroactively linking historical patient data that may not be crossing the HIE or RHIO. It likely will not be attached to the identifier unless healthcare organizations manually pull and link records.
“There has to be an understanding going in that this is a ‘go forward’ system. It doesn’t have instant gratification. Data that are several years old prior to getting the voluntary identifier, you really aren’t going to garner the benefits of that. So there is still a degree of error in historical information,” says Doyle.
Perhaps the most significant issues surround adoption of the technology and applications required to effectively utilize the unique identifier. They include deploying EMRs to enable participation in information exchanges, updating applications to include the appropriate fields for identifiers, and adding scanners to read bar codes.
Given the struggle the industry has had encouraging physician adoption, end-user technology may well be the downfall of any unique identifier system, whether or not it is voluntary—which is why its success will ultimately rest on the industry’s ability to convey its real value to both providers and patients.
“It’s like having a good school system. To the degree that you’ll have educated citizens, you’ll have a strong economy. It enables other things to get done,” says Glaser, adding that with a unique patient identifier, the system allows providers to “be more effective at reducing errors and cutting down on duplicate testing. That has a multifaceted value, and you can probably assign a dollar or social value as well.”
— Elizabeth S. Roop is a Tampa, Fla.-based freelance writer specializing in healthcare and healthcare IT.
How Organizations are Handling Matching Today
Without a unique identifier system in place, the burden of linking patients to records falls primarily on the shoulders of integrated delivery networks and multifacility providers. It is an expensive, time-consuming process that can be particularly challenging for multistate systems that must also deal with regulatory variances.
The Hospital Corporation of America (HCA), for example, deals with matching information that comes from multiple systems within and across facilities, many with their own registration systems. It has a master patient index (MPI) in place in each geographic region, even the smallest of which has a mix of multiple hospitals and MRI centers that are feeding data into a single MPI.
“This is like a national view,” says Tom Doyle, the HCA’s vice president and chief architect and a member of the National Alliance for Health Information Technology Alliance Technology Leadership Committee Advisory Group. “Every week, even in our smallest geographic market, we expend about a person and a half in time to clean up data … and reconcile issues” such as duplicate and mismatched records.
Doyle says that sophisticated software programs are available to work through some of the issues, but there are many other uncertainties that require human intervention. In those cases, a system is in place that kicks “grey-area matches” to a team that is dedicated to conducting daily reviews and reconciling identification issues.
Partners Healthcare System in Boston has devised a way to link patient records from 10 different facilities that have joined the system over a six-year period. It has required the implementation of a core infrastructure to support a manual process when the electronic matching algorithms are unsure about a match.
While it is not impossible to integrate records from divergent facilities and systems, it is neither easy nor perfect at any level. “It can be done on a regional level, but it will be much harder to do nationally,” says John Glaser, PhD, vice president and chief information officer (CIO) of Partners. “If you’re trying to integrate records, you can. It’s just more expensive than it should be, and it also has an error rate.”
Harvard Medical School has established a community member index that currently links the records of as many as 3 million patients using an internal patient identifier. “We have decided that it is important enough for the patients who receive care in our hospitals to do this,” says CIO John D. Halamka, MD, who also chairs the Healthcare Information Technology Standards Panel. He adds that a voluntary patient identifier can be incorporated when one is available.
Halamka notes that creating a national system of any kind will be a significant challenge. “My experience in doing this is that it’s a nightmare,” he says. “It is extremely expensive to try to maintain a large database containing unique identifiers.”