Tuesday, January 8, 2008

National Healthcare Identifiers

I was recently asked to comment on the likelihood that a national healthcare identifier will be created for the United States, such as those that are already used in Canada, Norway, and the UK. Many people do not know that Congress has imposed a hold since 1998 on any funding to plan or implement a national health identifier, so the US Department of Health and Human Services cannot even discuss the issue. Here's the background

August 1996
HIPAA enacted, "Sec. 1173(b) ... The Secretary [of HHS] shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system." Health Insurance Portability and Accountability Act of 1996 (HIPAA) (42 U.S.C. 1320d-2(b)).

February 1998
Due to controversy and a lack of consensus, National Committee on Vital and Health Statistics (NCVHS) issues recommendation that the Secretary delay selection and implementation of the unique health identifier. Recommends publication of a Notice of Intent (NOI) in the Federal Register with a 60-day comment period to solicit input from the public.

July 2, 1998
NCVHS publishes background paper, “Unique Health Identifier for Individuals, A White Paper” discussing options for identifying individuals and associated implications.

July 20-21,1998
NCVHS Subcommittee on Standards and Security holds in Chicago what was to be the first in a series of regional public hearings on the Unique Health Identifier for Individuals. Due to public reaction further hearings, as well as the planned publication of an NOI by HHS, are canceled.

July 31, 1998
Vice President Gore announces that the Clinton administration will block implementation of unique health identifiers until comprehensive privacy protections are in place.

October 1998
Congressional hold on provision in FY1999 HHS budget: "Sec. 514. None of the funds made available in this Act [the HHS appropriation act for the next fiscal year] may be used to promulgate or adopt any final standard under section 1173(b) of the Social Security Act (42 U.S.C 1320d-2(b)) providing for, or providing for the assignment of, a unique health identifier for an individual (except in an individual’s capacity as an employer or a health care provider), until legislation is enacted specifically approving the standard." - Public Law 106-554, 105th Congress (114 STAT. 2763).

2000 – 2007
Annual Congressional hold on provision in HHS budget such as H.R.3010.ENR - 109th Congress (2006) Departments of Labor, Health and Human Services, and Education, and Related Agencies Appropriations Act, 2006 - Making appropriations for the Departments of Labor, Health and Human Services, and Education, and Related Agencies for the fiscal year ending September 30, 2006, and for other purposes. Sec. 511

My opinion is that a compulsory national health identifier is unlikely but that personal health records may catalyze the development of a voluntary health identifier used to facilitate continuity of care.

Currently, each healthcare provider uses a different medical record numbering scheme, making unification of records from inpatient, ambulatory, lab, pharmacy, and payers a true informatics challenge. At CareGroup we use a statistical, probabilitistic algorithm from Initiate.com that incorporates name, gender, date of birth, zip code and other demographics to link multiple medical records together into a virtual patient record. This works great for John D. Halamka, male, 05/23/1962, 02481 but not perfectly for John Smith, Boston. The Markle Foundation's Connecting for Health Record Linking report is a great backgrounder on this approach.

A voluntary patient identifier, assigned purely with patient consent, would add another element to the matching algorithm and would significantly increase the confidence of linking together demographics of patients with common names.

The benefit to the patient is clear. With new personal health record products like Microsoft Health Vault, and the rumored Google Health offerings, patients would be able to link more accurately to their data at all sites of care, then be able to be stewards of their lifetime records. Since the voluntary identifier would be completely patient consented and controlled, only those patients wanting one would opt in, ensuring personal privacy preferences are respected.

How long will this take? In 2008 , many doctors will start using electronic health records which will provide enough clinical data to make personal health records more value added. In 2009 personal health records will become much more popular but will require manual linking of patient identifiers by requiring patients to establish accounts to access their data with each healthcare provider. I predict that by 2010 a voluntary health identifier will be considered and implemented by some vendors and institutions. Over the next decade, if patients gain confidence in the security of a healthcare information exchange system they control, it is conceivable that Congress would revisit their ban on a secure national identifier for healthcare. Until then, a national identifier is not a prerequisite to getting started with personal health records and I will fully enable any patient to retrieve their health records from BIDMC with their consent via the new generation of standards-based vendor, employer-sponsored, and payer-based personal health records using manual linking methods.


tdavid7 said...

The link to the Markle foundation report doesn't work. It's being treated as a relative address from blogger.com.

The correct address is:

Adrian Gropper said...

Kudos John, for a very clear explanation and progressive position with respect to enabling the manual link between BIDMC and the patient's voluntary PHR agent.

A patient-centered alternative to the scenario you describe eliminates the implied disadvantage of manual linkage and could lead to very rapid adoption of patient-controlled healthcare ID. Consider the inversion of the manual linkage step to where the institution or practice initiates the link to a patient-controlled PHR. This link between identity and information disclosure beyond the direct physician-patient relationship is already implied in current HIPAA consent practices and common medical ethics.

Patient-controlled medical identity is only half of the picture. A patient-controlled PHR or HealthURL enables the practice to combine the traditional HIPAA consent and the PHR link. This adaptation of established federated identity management principles speeds adoption by allowing each individual to choose a trusted HealthURL host from an unlimited catalog of academic, private, government and charitable institutions anywhere on the Web.

Matvey said...

An interesting development on a somewhat related subject: Chertoff on final Real ID rules: "Reconfiguring our society"