Recently, we looked at the conflicted history behind National Patient Identifiers (NPIs), from its proposition through the Health Insurance Portability and Accountability Act (HIPAA) of 1996, to its subsequent ban in the following years of its proposal. The Health and Human Services (HHS) Department was banned from working on NPIs due to concerns over privacy. The Clinton Administration argued against NPIs, stating in an HHS whitepaper, “Having different identifiers for the same individual across organizations is sometimes perceived to be protective of individual privacy because potential linkages across data systems are impeded. Having all healthcare organizations use the same identifier increases the threat to privacy by facilitating unauthorized linkages of information about an individual within and across organizations.”
Vice President Gore’s press in 1999 seemed to be the final nail in the coffin: “Because the availability of these identifiers without strong privacy protections in place raises serious privacy concerns, the Administration is committed to not implementing the identifiers until such protections are in place.”
Fast forward 15-odd years and we now live in an age where interoperability is equally as important as privacy. The need for an accurate way of identifying and treating patients has become a top concern in the healthcare industry.
HIMSS, quite possibly the largest health IT organization, in a Recommendation to Congress, stated, “Patient-data mismatches remain a significant and growing problem. According to industry estimates, between 8 and 14 percent of medical records include erroneous information tied to an incorrect patient identity. The result is increased costs estimated at hundreds of millions of dollars per year to correct information. These errors can result in serious risks to patient safety.”
We must realize that the ban was enacted by an organization of archaic sentiments, in the same white paper they noted their fear of EHRs, “This is why some believe that an electronic environment poses greater risks than one that relies on paper records.”
The creation of NPIs is essential to patient safety and saving providers both time and money. The question is, should it be a government-run enterprise, or a private one?
Photo Credit: xkcd
National Patient Identifiers Developed by the Government
There is a precedent for a government-funded and maintained NPI. We can look back on the history of Vehicle Identification Numbers (VINs), and we can see how they worked on a national level. VINs were introduced in 1954, by car manufacturers who created different formats for their respective cars. There was no accepted standard for 27 years until in 1981, the National Highway Traffic Safety Administration of the United States standardized the format. The format as we all know required all over-the-road-vehicles sold to contain a 17-character VIN, which does not include the letters I (i), O (o), or Q (q) (to avoid confusion with numerals 1 and 0). This system created a way of tracking and identifying cars on a national scale, leading to, in a healthcare related term, interoperability. It created an effective system that boosted safety for both customers and manufacturers. We can also look at government run-entities such as the United States Numbered Highways and airline identification formats; these systems create a national infrastructure that is safe and efficient.
But we must also look at the potential downfalls of a government-run NPI—not every government-standardized system creates a safe environment. For example, the favorite target of hackers and data miners: Social Security Numbers (SSNs). In February of this year, the IRS reported that computer hackers stole the tax information, 700,000 people, including their Social Security numbers. Breaches by hackers are a constant threat to safety, and may further be increased if more information is standardized by the government.
National Patient Identifiers through Private Enterprise
The other option, NPIs through the healthcare industry, is also viable. The most used health information exchange standard, HL7, is a run by private enterprise. HL7 the organization describes itself as a “not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery, and evaluation of health services “. The standard of HL7 is practically the only viable solution for exchanging health information. It is something endorsed and developed by the healthcare industry, for the healthcare industry. Their new standard HL7 FHIR promises to revolutionize interoperability standards.
HL7 proves that it is possible to create a successful and nationally endorsed standard for health care, without governmental red tape. However, with all private industry, there are inherent obstacles that may sidetrack the goal of an NPI. The main problem is competition and profitability. If NPIs are allowed to be developed by private enterprises, it opens the floodgates for corporate entities to create their own NPI to reign supreme over others. The inherent problem then becomes corporate profitability vs. interoperability. Unless the healthcare industry can agree to stick to one standard such as HL7, the competitiveness between those looking to create their own NPI for personal gain will hamper its creation.
The Concern over Privacy is Over
HIMSS, in the same Policy Recommendation to Congress, stated, “An informed nationwide patient data matching strategy would enhance, not compromise, the privacy and security of patient health information. Such a nationwide patient data matching strategy does not mean a national identity number or card. Technological advances now allow for much more sophisticated solutions to patient identity and privacy controls, including patient consent, voluntary patient identifiers, metadata identification tagging, access credentialing, and sophisticated algorithms.”
The sentiment of caution and security are archaic and outdated. It is high time we find a way to create a National Patient Identifier, regardless of its origin.