Designing a Durable Patient Identification System for Healthcare

Executive summary

Dr. Barry Hieb, an expert in the field of patient identification, presents requirements that must be satisfied for any patient identification system to succeed in United States healthcare. “Success” is more than accurate patient identification, which is essential to safely manage health records. Today, in any healthcare organization, patients may have duplicate records or, worse still, their data may be mixed with other patients. In the United States, any successful approach to patient identification must also address many issues -- patient safety, organization efficiency, patient privacy, security, fraud, universality, cost, simplicity and future proofing -- in a manner acceptable to patients, providers, payers, IT system vendors and, of course, all healthcare organizations.

Introduction

Accurately identifying patients has been a longstanding topic among virtually all healthcare stakeholders. It is universally acknowledged that accurate patient identification is a critical prerequisite to the provision of safe and effective medical care. However, the heterogeneous nature of healthcare information systems, the appropriate but demanding requirements for healthcare privacy, the bewildering politics surrounding healthcare at the federal level, and the complex requirements of individual patients have all combined to make progress on this issue extremely difficult. Despite these obstacles, some progress is being made. (CHIME is nearing the end of a National Patient Identification Challenge and the ONC is conducting a challenge concerning patient matching algorithm.)

This is one in a series of white papers discussing current issues relating to the healthcare industry’s efforts to improve patient identification. This document reviews high-level requirements that must be satisfied if a patient identification system is to be embraced by the United States healthcare environment. It provides a broad context concerning the need for accurate patient identification, and offers a framework for subsequent drill-down to explore various aspects of this complex challenge in the context of the solution offered by Global Patient Identifiers, Inc. (GPII).

Safety

The highest priority for any patient identification approach is to support the healthcare system in delivering safe and effective clinical care. This requires that each encounter be based on positive identification of the patient and assured access to all clinical information concerning this patient that may be relevant to this treatment episode. It is critical that no information from any other person be inappropriately mixed with the clinical record for this patient. The primary goal for accurate patient identification is this ability to present the patient’s clinicians with a comprehensive and accurate medical record.

Effectiveness

The cost of healthcare continues to escalate. One factor that leads to increased cost is the ineffective and error-prone method healthcare organizations use to identify patients. Any solution to this problem must streamline various processes associated with registering patients and rendering care, virtually eliminating all of the patient identification errors that currently plague identification approaches.

Comprehensiveness

It is essential that we accurately identify patients for all clinical encounters and healthcare-related activities. For most episodes, the patient will be physically present (e.g., clinic visits and hospital admissions). However, many healthcare activities are performed while the patient is absent. These include billing, referrals, and interoperability situations where patient information is shared among organizations. The chosen patient identification methodology must provide equally accurate identification across all these activities and provider sites, regardless of their individual health information technology suite.

Scalability

The chosen patient identification methodology must scale to arbitrarily large populations. In the near term, this may mean being able to handle the entire population of a community or a state, but eventually the entire United States. In the future, this may well mean being able to scale to accommodate global populations, or at least accurate patient identification to support data sharing across borders and continents.

Universality

There must not be any factors that prevent certain patient populations from being processed. Insurance, language, citizenship, ability to pay, age, politics, access to technology – none of these can be a barrier to a person’s participation in the patient identification system. Any individual in need of healthcare services is qualified.

Interoperability

There are thousands of information systems used in healthcare. A comprehensive patient identification system cannot by itself achieve interoperability. However, it is the bedrock capability upon which all interoperability efforts must be based. If two organizations are going to exchange clinical information, they must be certain that they are talking about the same individual. Only when identification is assured can the benefits of interoperability be realized. No amount of technology can produce a safe and effective information exchange without accurate patient identification.

Billing Accuracy

In the United States, we must accurately link an individual’s treatment to the appropriate mechanisms that ensure proper payment. Any patient identification approach must link directly to financial and billing systems to ensure that financial healthcare information is complete and accurate for this individual.

Simplicity

Patient identification must be simple to use by clinicians, clinical care organizations and, most importantly, by patients. To paraphrase the words of Albert Einstein, “Everything must be as simple as possible, but no simpler.” This ensures that the system can be used effectively by all healthcare workers and patients. Simplicity and, as much as possible, transparency, will minimize identification errors that can create risks to patient safety.

Resilience

No matter how simple and elegant a healthcare information system is, the participation of humans guarantees that errors will occur. The identification system must be designed to minimize the incidence of errors. It must also be sufficiently transparent that users can readily detect an error. Finally, the system must be able to perform rapid and complete repairs once an error has been isolated and understood.

Privacy

Many patients will opt out of any method of identification they believe will jeopardize their privacy. Because there are at present no universally accepted models for how to ensure the privacy of medical information, the identification system must be able to adapt to the privacy wishes of each individual person. Furthermore, the system must continue to adapt to the patient’s wishes as their medical situation evolves over time. A well-designed patient identification system can support these privacy requirements for each individual patient, regardless of the limitations of the underlying healthcare IT systems that are being used by that patient’s providers.

Secondary uses

Medical education, medical research, pharmaceutical research, and public health all require clinical information. The patient identification system must enable publishing appropriate subsets of a patient’s clinical information in such a way that there is no ability for that information to be linked back to the actual patient.

Anonymization

To serve both privacy and secondary use functions, a patient identification system must, ironically, have strong anonymization and de-identification capabilities. For example, a researcher studying colon cancer must be able to de-identify a data set from a patient and publish it as part of a research paper investigating treatment protocols. Furthermore, at a later date, the researcher must be able to update that set of information with new information concerning this patient. It must be possible to do this with 100% confidence that the correct data set is being updated, that the data is not inadvertently being “double counted” by creating a duplicate data set, and that this update does not in any way jeopardize the anonymity of the patient involved.

Synergy

Healthcare already uses a myriad of patient identification technologies. These include techniques such as demographic matching, knowledge-based authentication, and biometric technologies. A new patient identification system must work synergistically with these existing technologies. It must not require “rip and replace,” but rather enable “upgrade and improve.” The patient identification system should enable a care delivery organization, if it chooses, to continue to use its existing identification capabilities and improve the performance of those systems by eliminating errors.

Fraud

Achieving accurate patient identification will enable care delivery organizations to eliminate one of the most significant sources of healthcare fraud. Medical identity theft enables an individual who has stolen someone else’s identifying information to then obtain clinical care that is billed to the victim’s insurance. A robust patient identification approach must offer a variety of features and safeguards that make this deception impossible.

Security

The implementation of a new patient identification strategy must include stringent security safeguards that ensure that the new system does not represent an increased security risk. Tools such as encryption and anonymization can help achieve this goal. In addition, it is important that the patient identification system avoids the need for an actual or virtual nationwide database of patient identifiable information. Avoiding the creation of such a database eliminates a major vulnerability that might inevitably attract hackers, lawyers, and others who have a self-interest in gaining access to such information.

Standards

To the maximum extent possible, a national patient identification system must avoid the use of proprietary technologies and capabilities. Not only do such proprietary components add to the overall expense of the systems implementation, they also tie the longevity of the system to the business fortunes of the involved companies. Use of public standards will ensure that the identification system can realize reliable long-term operational stability.

Cost-effective

The patient identification strategy must be able to serve the entire spectrum of healthcare facilities. Its cost must not place an undue financial burden on organizations that adopt it. Meticulous attention must be paid to all aspects of the system’s design to ensure that the deployment and operational costs of the entire system are kept to an absolute minimum. Accurate patient identification is good for business – better service for patients, faster access to the right patient information for clinicians, and reduced duplicate tests and medical errors. Cost savings that far exceed the cost of implementation will be derived from operational efficiencies and improvements in accuracy of patient information.

Future proofing

It is not possible to foresee all the potential future requirements that may be placed on a patient identification system. Consequently, it is essential to build in as much flexibility as is possible to support future requirements as efficiently as possible. The system must include features to assist the deployment of increased operational scope and new capabilities as the system evolves over time.

Summary

The set of requirements given above is by no means exhaustive. However, it generates a daunting list of features that are required to achieve a successful national patient identification strategy. Subsequent documents in this series will explore these topics in more detail and will describe how the GPII system can achieve all the goals outlined above. We welcome dialogue on these and related issues.