When we look at how healthcare data is managed in the U.S, we see a vast array of different systems in different companies—managing information in a thousand different ways. While the goal is the same for everyone: to build an infrastructure that promotes interoperability and safety, the consequence of having multiple information systems is the all-too-frequent occurrence of patient data mismatches. When a patient’s data does not match a hospital’s, it leads to errors that cause tremendous financial loss and risk patient safety.
The Health Information Management Systems Society’s (HIMSS) recommendation to Congress states, “Patient data mismatches remain a significant and growing problem. According to industry estimates, between 8 and 14 percent of medical records include erroneous information tied to an incorrect patient identity. The result is increased costs estimated at hundreds of millions of dollars per year to correct information. These errors can result in serious risks to patient safety.”
What we need is the ability to synchronize health information on a national level. A system that conjoins patient records in a way that minimizes the chances of error or mismatch.
A possible gateway to solving our interoperability challenges is healthcare’s sleeping giant: the national patient identifier (NPI).
The NPI was previously considered as part of the Health Insurance Portability and Accountability Act (HIPAA) when it was signed into law in 1996. The purpose of an NPI was to allow the identifying and indexing of patients on a national scale, through one source. An NPI could allow all healthcare systems to align patient record data, allowing for accurate patient information to be presented across all providers concerned with a patient’s treatment.
But, the NPI has been prevented from complete development in Congress, who banned funding the NPI over privacy and security and security concerns in the late 1990s. Many fear that an NPI would transform our healthcare system into one of coercive and intrusive surveillance. They argue that a national patient identifier would restrict the security of patient data and anonymity of patients.
Yet, in the 16 years since its ban, the conversation over the NPI has not decreased; rather, it has grown in volume. We live in an age where interoperability is as important as privacy— the enormous amounts of health data floating through different systems needs to be managed in a way that promotes patient safety and security.
We must ask ourselves: is the NPI the answer for a safer and more comprehensive health infrastructure, or would an NPI open the floodgates to a zero-privacy Big Brother society? And if an NPI were to be created, how would we implement one?
An NPI to Boost Interoperability and Patient Outcomes
The lack of cohesion between our information systems is something many find unacceptable in this day and age. Health information solutions such as HL7 FHIR provide interoperable ways to exchange information, but not find it. An NPI would allow for searchable and up-to-date patients records on a national level. This would allow for an accurate patient health assessment regardless of location.
In the 2016 executive brief by patient safety organization ECRI Institute, patient identification mismatches were ranked 2nd in the top concerns over patient safety. Patient identification errors have “broad implications,” says Stephanie Uses, PharmD, MJ, JD, patient safety analyst and consultant, ECRI Institute. “Let’s say you have a misidentification at registration,” says Uses. “That can continue through their stay and even affect their post-acute care.”
Not only do patient data mismatches cause an increased risk to patient safety, providers face an increased organizational and financial burden when dealing with duplicate or inaccurate records. Providers spend millions on patient record systems which are usually exclusive to their practice. Having one system that identifies patients across systems and locations would be beneficial for providers both large and small.
“The multitude of different solutions and the lack of a national coordinated approach pose major challenges for our health information infrastructure and result in millions of dollars of unnecessary costs,” HIMSS notes in the same recommendation to Congress.
While not advocating a specific solution, the EHR Association, a trade group of companies that develop and support the majority of operational electronic health records in hospitals and ambulatory care environments across the U.S., has long supported the development of a strategy to resolve this issue. In its requests to Congress from National Health IT Week 2014, the Association states: To improve patient safety and data interoperability, we also ask Congress to encourage development of a consistent nationwide patient identity matching strategy. As one of the most critical unresolved issues in the safe and secure electronic exchange of health information, such a solution is key to ensuring the accurate, timely, and efficient matching of patients with their healthcare data across different systems and settings of care.
Would an NPI Threaten Privacy and Security?
While the NPI seems like a great way to boost interoperability in the U.S., opponents of an NPI believe that it will threaten data security and patient privacy.
“It would collect information about us without our consent or even our knowledge, much as the National Security Agency has been doing with telephone records,” Adrian Gropper, CTO of Patient Privacy Rights argues. An NPI could possibly be used for other purposes besides patient record matching, such as risk adjustment and price inflation. Having everyone’s record on one system could create a system detrimental to citizens. Many fear that the NPI would be a step towards a Big Brother-like system—one where every health record of every citizen could be exposed.
The privilege of anonymity may also be at risk if an NPI is created. An NPI may remove the veil of privacy for patients who do not wish for their clinical information to be shared. Doctors who are able to see a patient’s medical history and previous diagnoses could be constrained from providing a fully-informed second opinion. It would lead to the “rationing of care, which would destroy medical ethics and patients’ trust in their physicians,” Twila Brase, cofounder and president of Citizens’ Council for Health Freedom argues.
A Possible Solution for the NPI: Public Encryption
It is essential that any NPI solution that is implemented be both interoperable and secure. One of the most promising solutions is public encryption to secure the patient ID. The ANSI HISB (American National Standards Institute’s Healthcare Informatics Standards Board) described this method as a two-key system that would allow data to be encoded with one key and decoded with another key in such a way as to reveal the patient identity only to entities with both keys, one of which would be in the control of the patient.
The Department of Health and Human Services (HHS) released a white paper, titled “Unique Identifiers for Individuals”, arguing that public encryption for the national identifier would be a viable prospect.
And there is already precedent, as the United States Postal Service (USPS) is already implementing this type of encryption; citing the benefits of:
- Confidentiality – The transformation of data into a form unreadable by anyone without the proper key.
- Data Integrity – A service that addresses the unauthorized alteration of data by either confirming its integrity or warning about changes.
- Authentication – The process whereby users or information sources prove that they are who they claim to be.
- Non-repudiation – A service that limits denial of previous commitments or actions.
In the twenty years since the NPI’s inception (and subsequent defunding), we’ve seen substantial growth in conversation towards an NPI. The health IT world wants the same thing: to provide effective patient care and limit the amount of patient data mismatches.
We must look for a solution towards an NPI while keeping in mind concerns over privacy and security. An NPI could possibly pave the way to a more interoperable healthcare system, but can an NPI lead us down a slippery slope? Being able to identify everyone at all times may create an intrusive system that compromises our safety and privacy, though a system that is properly encrypted and managed may reduce the threat of privacy and security breaches.
At the end of the day, we must ask ourselves: where do we find the balance between interoperability and privacy?