Many EHR components were developed as early as 30 years ago, but it wasn’t until 2009 that the federal Meaningful Use incentive program precipitated wide-spread implementation of robust EHRs across healthcare. If the EHRs themselves are young, interoperability (the ability of different systems to communicate with each other) is still in its infancy. A large majority of acute care hospitals and other providers now have an HHS-certified EHR, providing the needed critical mass to make interoperability even possible. But many barriers remain, not the least of which is a lack of standardized patient identification. Many industry leaders agree that achieving interoperability is one reason why it is time to move to a national patient identifier (NPI)—but not the only reason.
The HIPAA architects realized back in 1996 that a standard for unique patient ID numbers was a must-have for accurate data sharing. The concept precipitated a storm of criticism and political pressure, warning of potential identity theft and a big brother-like, government-controlled database. The NPI initiative was quashed by Congress two years later.
Patient data matching now
Now, the healthcare industry is close to having all the technology needed to share healthcare data across enterprises and systems, and we still don’t have the patient identifier. And, it’s still essential for interoperability. The national patient identifier isn’t a solution to all interoperability problems, but it is a necessary element of any real solution.
To make exchanges of healthcare information today, we have to rely on an imprecise method of matching multiple demographic elements in a patient’s profile in the hopes of getting an overall match. Let’s consider the challenges of matching patient’s names. Even if we ignore the very real possibility of misspelling a patient’s name, there are many permutations:
- Full names vs. nicknames: Pat Smith vs Patricia Smith
- Middle names and initials: Patricia Smith vs. Patricia A Smith vs. Patricia Ann Smith
- Hyphenated names and names with apostrophes: There are entirely too many permutations of Patricia Smith-O’Malley’s last name!
- Name changes: What happens to patient identification when Patricia Smith marries Bob O’Malley? The doctor’s office may reach out to a hospital for Patricia’s records only to be unable to match them, because the hospital isn’t aware of the name change. Perish the thought that after the mess is straightened out, Patricia Smith-O’Malley divorces Bob and remarries.
The key strategy being used today to avoid such fertile ground for error is to make matches using more than one data element. For example, the combination of name + date of birth + sex + Social Security number can provide quality matches. However, differences in how the various elements are (or are not) collected and reported cause a significant number of non-matches. How big of a problem is this?
Duplicate patient records
According to a recent AHIMA survey, more than half of health IT management professionals regularly work on fixing problems with patient matching and duplicate patient records. Very specific data about the size of this issue comes from a 2014 ONC study. Kaiser Permanente, an organization with a strong managed data quality program, reported that when it attempted to match up records from within the same region (each of their 17 regions has separately implemented the same EHR) they have a success rate of 90%. When they attempted the same match with records from one of the other regions, the match rate fell to 50%. If an institution with the same data policies and systems can only match patients 50% of the time, imagine the challenge that a regional health information exchange would face, trying to make matches between EHRs of different vendors, from organizations with different data management policies.
Another factor to consider is the high costs of mismatching. According to the same ONC report, each case of misidentification at the Mayo Clinic costs at least $1,200. Intermountain Healthcare spends between $4 million and $5 million per year on technologies and processes intended to ensure correct patient identification.
The simplest solution to identification accuracy is for each person to have a unique identifier that would be linked to all their records and provide a match each and every time. We have something like this in the financial world—it’s the social security number (SSN). The SSN was never intended for use as a financial identifier, but essentially all citizens old enough to work (and non-citizens eligible to work) have one, so it serves the purpose quite well. By extension, the SSN would be impractical as our national healthcare identifier, because there are many patients who do not have SSNs. Also, there are instances in which duplicate SSNs have been issued. It is an irony that the SSN is already used widely as one of the data elements in the matching process described earlier.
Why don’t we have NPI?
Considering that patient identification is so critical to solving interoperability challenges, why don’t we have an NPI? The short answer, as I mentioned above, is politics. Some of the old concerns remain but have lessened somewhat, in particular, the fear that a national ID number is a precursor to a government-controlled dystopian future. The other major objection centers on privacy, and I believe it’s a complete red herring. Consider the following:
- The privacy and security of a national patient ID number would be just as critical as with any other ID, e.g. an SSN or driver’s license. The creation of a national patient identifier doesn’t create any new problems, just a new identifier that could present risks but very likely fewer, because we now have security technologies that could minimize vulnerabilities.
- The risks created by using SSNs are already part of the patient matching scheme. First, healthcare providers have no way to verify the authenticity of SSNs presented by patients. Second, because SSNs are used so pervasively in healthcare as well as outside, they are relatively accessible to ne’er-do-wells who have illegitimate plans for them.
- Finally, the current strategy of using a patient matching algorithm itself poses risks to privacy, in that it would be easy to disclose some of patient A’s information to patient B (or his representative) with a false positive match. Part of the costs of mismatches is due to such mistakes.
A new, unique patient ID number would eliminate these existing risks, if it were implemented correctly, including giving healthcare providers basic capabilities to validate it in real time. Such validations are routine when healthcare providers confirm patients’ insurance coverage upon registration.
Implementation of a NPI program
Implementing a National Patient Identifier program with a solid validation solution and other tight protections is one critical step among many that will be needed to take interoperability from today’s embryonic state into a full grown reality. Bonus takeaways: It would create an additional barrier to medical fraud—a real and growing problem in the industry, and the high costs of patient mismatching will be reduced, if not eliminated.
CHIME has just announced a National Patient ID Challenge, a year-long competition intended to incentivize the private sector to develop a patient identifying solution that would ensure “100 percent accuracy in identifying patients in the United States.” Through a partnership with crowdsourcing innovation platform HeroX, the winner will be awarded $1 million. The challenge is supported by other industry associations such as the AMA, AHIMA, HIMSS, and The Sequoia Project as well as EHR vendors Allscripts and Cerner.
It is heartening that these major industry influencers are actively resurrecting the cause for standard patient identification. Given that major steps in healthcare IT often take decades to fully implement, the time to give birth to the national patient identifier is now.
This was first published on Phoenix Health.