Electronic Healthcare Records

A Jump Start for a National Patient ID?

CHIME Launches a $1 Million Contest Designed to Improve Patient Safety, Privacy
A Jump Start for a National Patient ID?

Matching all the right records from multiple sources to the right patient has long been a challenge for healthcare organizations because of the lack of a widely used patient identifier. Mismatching is becoming an even bigger patient safety and privacy concern as more electronic health information is exchanged.

See Also: A Smarter Approach to Third-Party Vendor Risk: A Case Study

Addressing the challenge is so difficult, and so urgent, that the College of Healthcare Information Management Executives - an organization representing healthcare CIOs and CISOs - this week launched a $1 million competition with crowdsourcing site HeroX to help pinpoint a practical national patient identifier solution.

"Now is the time for a national patient ID," Intermountain Health CIO Marc Probst said during a Jan. 19 press conference to kick-off the competition. Probst said his Utah-based healthcare system spends $4 million to $5 million annually on administrative and technology costs associated with trying to accurately match patients with all their medical records.

"As we digitize healthcare and patients move from one care setting to another, we need to ensure with 100 percent accuracy that we identify the right patient at the right time. Anything less than that increases the risk of a medical error and can add unnecessary costs to the healthcare system," said Probst, who is also chair of the CHIME board of trustees.

Congressional Obstacles

One of the biggest hurdles in accurately matching patients with all relevant records is the Congressional ban on the Department of Health and Human Services financially supporting the development of a national ID system (see Making A Case for a National Patient ID). When Congress passed HIPAA in 1996, the law called for the creation of a unique health identifier for individuals. However, in response to controversy that included privacy concerns, Congress in 1999 passed a law prohibiting federal funding for the identifier.

CHIME CEO Russ Branzell this week urged Congress "in the budget cycle for next year to remove the prohibition" on HHS supporting a national patient ID system. Meanwhile, CHIME's contest is designed to get the ball rolling in the private sector.

HHS' Office of the National Coordinator for Health IT has been working on related issues, including electronic health records system interoperability, health data exchange issues and "national standards, including privacy and security," to help the private sector come up with "the best patient matching opportunities," ONC leader Karen DeSalvo, M.D., noted.

Common Problems

While healthcare organizations are making some progress in improving patient identification and matching, those solutions have not been universally adopted, creating risks to patient safety and privacy, according to CHIME.

Healthcare providers vary greatly in how they format names and addresses, and the quality of the data entered into systems can be mixed, CHIME leaders say.

CHIME notes that more than 60 percent of its members use some form of a unique patient identifier to match patient data within their organizations, while others rely on complex algorithms instead. Nearly 20 percent of CHIME members surveyed in 2012 could attribute at least one adverse medical event to incorrect patient matching.

A Patient Safety Issue

Gathering all the information necessary to support treatment decisions is essential to providing quality care, says Rebecca Herold, CEO of the privacy and security consulting firm The Privacy Professor.

Mistakes in matching patients to the right records can lead to problems, she notes, such as individuals potentially gaining access to someone else's health data. Even more significant is the risk that clinicians will make the wrong treatment decisions if they use the wrong information, such as, for instance, records for a patient with a similar name.

"A significant security risk is that injecting health data into the wrong patient's record will likely have an ongoing impact on the prescriptions and health decisions made for the individual until the error is discovered," Herold says. "That could make that patient's health even worse, or even be fatal."

Jeff Cobb, former CISO of Tennessee-based Capella Healthcare and now a principal security consultant at World Wide Technology, says inaccurate records matching is also a problem for billing and claims systems, as well as a privacy risk in patient portals. "You don't want patients accessing mis-identified records," he says.

Innovators to Compete

CHIME's National Patient ID Challenge is open to innovators from around the world.

In the spring, CHIME and HeroX plan to announce participants moving on to the "concept blitz round." Innovators will then further develop their ideas as they prepare for final judging. After that, finalists will need to produce working prototypes of their designs. CHIME intends to announce the $1 million winner in February 2017.

As the innovators plot out their approaches, it's critical that they consider security and privacy risks from the very beginning, Herold stresses. "If all necessary security and privacy protections are not built in from the very beginning, this system could have devastating impacts on patient health, safety and privacy. Any solution will need to be thoroughly vetted by security and privacy experts prior to a public roll-out."


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Marianne Kolbasuk McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network