HIT Perspectives: National Patient Identifier

HIT Perspectives – November 2016

A National Patient Identifier: An Idea Whose Time has Come Again

By Michael Burger, Senior Consultant

From an interoperability perspective, identifying patients so their clinical records across multiple care providers can be collated in a comprehensive and complete care record is an important but difficult task. The challenge is that there is currently no single way to identify individual patients within and across the health care ecosystem. In response, stakeholders use a variety of patient data and complicated algorithms to try to link patient records. Despite the sophistication of the methodologies, matching remains imprecise. The result is expensive overhead to manually sort things out as well as costs related to poor care quality, patient safety and potential liability.

Recognizing the need, the industry has developed solutions with varying levels of sophistication. A recent strategic alliance between Experian Health and the National Council for Prescription Drug Programs (NCPDP) is the latest entrant into the space. In the meantime, stakeholders are calling for the end of a Congressionally imposed ban on the creation of a national patient identifier standard by the government that has existed since the late 1990s.

Why is it so hard to identify patients and their records? A national patient identifier sounds like a pretty simple concept. It’s not. The complexities of creating one are extensive. There are people with the same names and birthdates; people who go by a nickname, alias, initials, hyphenated names or multiple names, such as their birth and married names; and people with the same name who live at one address. There are additional challenges posed by clerical errors and data discrepancies introduced during diagnosis, treatment and billing. Plus, the size of the health care delivery system and fragmentation of paper- and computer-based recordkeeping enormously complicate things. Cumulatively, these issues make accurately identifying patients and associating them with their records a colossal undertaking.

The Social Security number (SSN) used to be the “gold standard” of patient identification, but even that is fraught with challenges. For one thing, the SSN is no longer a sacrosanct, unique number; a single SSN has been seen as being used by multiple people without the government’s knowledge. Providers and payers have no way to verify the authenticity of SSNs presented by patients. Patients are unwilling to share SSNs in response to the rise in identity theft. As a result, medical practices, hospitals and insurers increasingly are discarding the SSN in favor of their own identifiers. In fact, the government is getting ready to remove SSNs from Medicare cards in response to a provision tucked away in the Medicare Access and CHIP Reauthorization Act.

Then, there is legislation. In 1996, Congress mandated the creation of a patient identifier as part of the administrative simplification portion of the Health Insurance Portability and Accountability Act. Patient advocates objected and pressured Congress. As a result, federal appropriations legislation for fiscal year 1999, passed in 1998, prohibited the Department of Health and Human Services (HHS) from spending any funds to create a unique patient identifier standard, unless authorized by Congress.

Industry efforts. Until recently, there has been no appetite for repealing the ban on a federal patient identifier standard. To fill the gap, the industry has responded with a variety of solutions. Available commercial solutions vary along a number of parameters. These include the sophistication of the matching algorithms, kinds of data needed, price, platform, scalability and the abilities to correctly match patients and cleanse duplicate records.
Some organizations, like Surescripts, have created internal methodologies for matching patients with their records. Surescripts initially created this service to facilitate electronic prescribing. Leveraging that expertise, the company recently launched its National Record Locator Services (NRLS). According to Surescripts’ press release, the NRLS went live this year with 140 million patients and more than 2 billion interactions between those patients and members of their care teams — regardless of where care was delivered. The new service will be offered without charge until 2019 to electronic health record system (EHR) vendors.

The CommonWell Health Alliance provides members with a patient matching service. It supplements demographic data in participants’ EHRs with other identifiers, such as government-issued identification (ID). As of June 2016, CommonWell has more than 8,000 provider sites committed to using the services, including 4,700 in production, in all 50 states, the District of Columbia and Puerto Rico.

The Experian Health and NCPDP alliance addresses the challenge from a slightly different direction. As announced, Experian Health’s Universal Identity Manager will be leveraged to accurately identify patients and match records within and across disparate health care organizations (pharmacy, lab, payer, provider etc.) to create a unique, universal patient identifier. The new approach benefits from Experian’s success in matching, managing and protecting identities across various industries and NCPDP’s extensive knowledge of pharmacy claims and standards. Both organizations have witnessed firsthand the challenges associated with the lack of a universal patient identifier. They believe their solution will be easy to append within clients’ systems.

Moving forward. A number of drivers have spurred the development and use of a patient identifier. They include:

Stakeholders want a national patient ID. Stakeholders are becoming vocal about the need for correct patient identification and removal of the ban on a national identifier standard. In a recent paper, the influential National Academy of Sciences called for a reset of the 2004 federal health goals, including creation of a national patient identifier. The American Health Information Management Association (AHIMA) initiated a petition aimed at the White House to address a voluntary patient safety identifier solution to patient matching. In January, the College of Healthcare Information Management Executives (CHIME) launched a $1 million contest to accelerate creation and adoption of a solution for ensuring 100% accuracy in identifying patients in the United States. If that isn’t enough, nearly two dozen stakeholders recently sent a letter urging Congress to allow HHS to create a unique patient identifier. Signatories read like a Who’s Who, including AHIMA, America’s Health Insurance Plans, American Medical Informatics Association, Blue Cross Blue Shield Association, CHIME, Health Information and Management Systems Society, IMS Health Intermountain Healthcare, Long Term and Post Acute Care (LTPAC) Health IT Collaborative, National Community Pharmacists Association (NCPA), Pharmaceutical Care Management Association (PCMA) and Surescripts.
The business case is compelling. Disparate and disconnected patient records cost a lot of time and money to sort out. Duplicate records alone account for 5% to 15% of all patient records or about 15,000 duplications for every 100,000 records. Addressing the challenge is expensive. According to one report, each case of misidentification at the Mayo Clinic costs at least $1,200 to fix. Intermountain Healthcare spends between $4 million and $5 million per year on technologies and processes intended to ensure correct patient identification. That’s not even counting the costs associated with duplicative testing and potential adverse outcomes due to comprehensive patient records not being available.
Need for interoperable data exchange. The world has changed significantly since the late 1990s, when the Congressional ban on a national standard was put in place. We have the technological means to exchange large volumes of patient data. EHRs are used in nearly all hospitals and 80% of physician offices. There are government mandates, such as meaningful use, that increase the need for electronic creation and exchange of patient data. The rise of integrated delivery systems also creates additional demand for sharing of patient records and data. Many, including the RAND Corporation, believe that true interoperability in health care cannot be achieved without a national patient identifier.

Of course, there will be challenges to implementing any national patient identifier. They include:

Privacy and security. Some privacy advocates argue that a system built on patient-specific identification numbers could lead to the disclosure of confidential information or the misuse of patient information. Advocates didn’t like the idea in 1998, and they aren’t likely to be more receptive nearly two decades later. While some would argue that health information technology and related infrastructures are more secure than ever, that argument is undercut by the data breaches that seem to happen on a daily basis. Medical identity theft is on the rise, which potentially could be facilitated by a single number for every patient. All of this throws cold water on the desire for a national patient identifier — at least for some.
Practicality. Numerous changes would be needed to implement a national patient identifier. For example, there likely would be a new government structure to issue them and manage their creation and use. It will take some doing to correctly identify patients and merge duplicate ID numbers for existing records within and across organizational boundaries — and then reassign the new identifier. Then, there are large-scale system changes for everyone. It’s a huge undertaking, considering it would involve all patients and every single provider, payer and vendor. And it would take time to implement, especially if government rulemaking is involved.
Costs. It could be expensive to change existing systems and records to add a patient’s identifier, both retrospectively and prospectively. There also are administrative and governance issues, including opt in/opt out, which will add to implementation costs.
Business case for vendors. EHR vendors are aware that patient matching is an issue for their customers but a business case is needed. Even if a national patient identifier is created, it is likely that individual stakeholders will request additional and varying data elements and formats. Such customization is expensive and time consuming. Moreover, EHR vendors are reluctant to make any changes without user demand, which traditionally has been driven by legislation. Interestingly, Surescripts’ NLRS has been introduced to the EHR vendor market without government mandate for a patient identifier.

What do we think? We will be watching with interest the sudden competition among various patient identifier offerings. We also will be watching to see how these industry-generated identifiers will shape the accuracy of — and access to — patient records. We think stakeholders will be making a run at the new Congress to repeal the ban on the patient identifier standard, in addition to the stakeholder letter that was just delivered to the lame duck session. If the ban is lifted, it will be interesting to see which standards will be mandated by the government (we presume by the Centers for Medicare and Medicaid Services), and how that affects what’s already happened in the industry. Even if a new national identifier standard is permitted, its development and implementation could take years. Regardless of what happens, we think there will be pushback from advocates. We certainly haven’t seen the last of this topic. Stay tuned.

November 30, 2016