Two decades ago, the Health Insurance Portability and Accountability Act (HIPAA) required the adoption of a unique health identifier for every individual, employer, health plan, and health care provider. This mandate was subsequently overruled by Congress because of patient privacy concerns. Since then, the U.S. has made the largest capital investment in catalyzing the adoption of electronic health records (EHRs) in history.
Yet that $30+ billion capital investment has not delivered on its promise of higher-quality, more cost-efficient care. Why? One important reason is the lack of a unique patient identifier system and the fact that without one, it’s very difficult to link disparate data to obtain a comprehensive picture of any one patient’s health care experiences. It’s time to revisit Congress’s fears about unique patient identifiers and institute a system that will enable more complete and accurate patient records.
Developing a unique patient identifier system would have many benefits. When accurate information is attached to the right patient, data access is timelier for clinical, administrative, quality improvement, and research purposes; inappropriate care, redundant tests, and medical errors are reduced; and health information exchange becomes easier — within organizations as well as between. Identifiers are also beneficial for patient mobility, allowing information to be linked to patients and following them as they move. And when patients have access to their complete records, they’re better able to advocate for themselves and manage their clinical conditions.
The current U.S. system for identifying patients relies on demographic data such as name and birth date, which sometimes are not unique to individuals. Because of this, it’s possible to link only 90–95% of records uniquely between disparate data sets. The result is high rates of duplicate or split records, posing potential risks to patient safety. For example, information about abnormal test results or medication allergies may reside in records that are not linked to the correct patient and the absence of a comprehensive patient record may result in redundant testing. Sorting out the remaining 5–10% of unmatched records is labor intensive and costly, yet it is often essential, especially in clinical care.
Even though unique patient identifiers have considerable support from the health information technology industry and many providers, they are very controversial in the United States. A highly vocal minority fears patient data will be exploited by governments and/or industry and that privacy might be even harder to protect than it is today. Congress responded to those concerns in 1998 when it prohibited the use of federal funds to investigate or create unique patient identifiers.
Looking to Other Countries
Unique patient identifiers have now been implemented in a number of places, including Ireland, the Nordic countries, and the United Kingdom. Scotland’s Community Health Index (CHI) number and England’s National Health Service (NHS) number allow disparate data sources to be reliably connected to minimize misidentification and catalyze research with linked anonymized data sets.
The NHS number, which does not itself carry any information about a person, allows clinicians to accurately convey information about patients to other health care providers, and simplifies many common tasks: sending discharge summaries to a patient’s primary care physician, making referrals to specialists, linking pathology and other reports to an individual’s records, and delivering prescriptions to pharmacists.
Starting with the States
Despite these advantages and the positive experiences in these countries, there is little appetite in the U.S. for pushing forward with identifiers at the federal level. At the state level, however, the outlook is more promising. Nevada and Minnesota have passed legislation legalizing the use of patient identifiers and can serve as testing grounds for clinical data exchange within their borders.
At the federal level, the U.S. Department of Health and Human Services and the Office of the National Coordinator for Health Information Technology should advocate that Congress lift the 1998 prohibition. The agencies should sponsor cost-benefit analyses and pilots to demonstrate the benefits and identify the challenges associated with introducing identifiers. Strict penalties would need to be established for privacy breaches, identity theft, and other types of abuse. If state-level implementations were successful, a national patient identifier could be reconsidered.
With billions of dollars having been spent on EHR implementation, the health care system must vigorously investigate more efficient ways to connect fragmented patient data, an effort that is increasingly relevant as the U.S. moves from a fee-for-service to a value-based health care system focusing on outcomes and populations. If pursued, this change needs to be done with a public mandate, strict penalties for breaches of privacy, and an explicit strategy to improve access to comprehensive, longitudinal records to improve patient care, minimize duplicate records, and facilitate secondary uses of these data to support clinical audits, quality improvement, and research.