Last month, Nordic Consulting Partners joined prominent healthcare systems, physician groups, and healthcare information technology (HIT) vendors to sign onto CHIME-sponsored letters to Senate and House leaders regarding support for patient identification tools in the United States. To understand why such a letter was necessary, it’s important to appreciate how we got here.
Back in 1996 when the Health Insurance Portability and Accountability Act (HIPAA) was enacted, the legislation included language requiring the creation of a healthcare identifier for all Americans. However, in the subsequent two decades, Congress has regularly overruled the law, essentially barring federal agencies from even investigating patient identifiers out of privacy concerns. Lawmakers’ concerns regarding privacy were well-intentioned: they were worried that assigning every American a unique number would make it easier not only for the government to track citizens, but also open Pandora’s box for thieves to steal identities and wreak havoc. The problem is – to borrow a page from medicine – that the cure may be worse than the disease itself.
Without a unique patient identifier, all the participants in the U.S. healthcare system are forced to figure out their own methods to make sure they can appropriately track patients as they move through the various parts of our “system” of care. There should be nothing sinister about tracking folks in order to provide health and wellness services.
Think about how a typical patient gets care from various groups and organizations. Imagine someone seeing a primary care physician in an office setting for recurrent headaches. That person then may see a specialist who orders an imaging study (which is then interpreted by a different specialist). For this simple flow, lots of groups may need to be involved, beyond the three physicians that I referenced – the PCP, the neurologist, and the radiologist. There’s the patient’s insurance company, of course. If the PCP works for a hospital, there will likely be facility fee charges coming from the PCP’s employer. The MRI fee will have an administrative component, and that’s coming from the owners of the machine, not the radiologist themselves. Oh, and if the patient is determined to have a chronic problem, they may be referred behind-the-scenes to a third-party management group to ensure the patient receives optimal care. Believe it or not, this is a straightforward example.
All the above-mentioned doctors and groups must devise their own way to ensure that they keep their information straight and can exchange information with one another. They typically do this with a complicated combination of data points that they think (or rather hope) they know about the patient, such as date of birth, gender, address, etc. If enough of these data points match up, they probably have the correct patient. But...sometimes they’re wrong.
Let’s contemplate Mr. John Smith who was born on 1/1/1941. If Mr. Smith shows up for care at the emergency department, a clerk will have to identify him. If the clerk finds a John Smith who was born on 1/1/1942, is it the same person? Maybe it is the same person if someone made a mistake when his record was first created. Maybe the clerk won’t even notice the one-digit difference. If the clerk checks in the wrong Mr. Smith, we’ve got problems. And this sort of issue happens more than you would think.
When healthcare organizations can’t keep patient information straight, bad events can happen. As quoted in the letters I referenced above, a leading patient safety organization named patient misidentification among the top ten threats to patient safety. Clinicians may see – and act on – test results that don’t belong to a patient’s chart that they’re viewing in the electronic health record (EHR). Prescriptions might be misrouted to the wrong patient. Bills might go out to the incorrect guarantor, causing not only unnecessary anxiety, but also exposing personal health information (PHI) which must be kept private. Lots of events that should never happen can occur when patients aren’t properly identified.
Is a unique healthcare patient identifier the only solution? Not necessarily, but it may be a component. Some health systems are using a combination of digital bits (date of birth, cell phone number, and street address) combined with biometrics such as a palm vein pattern or fingerprints). Under any circumstances, the federal government should be encouraged to work with those in the public and private sectors to explore options and understand the advantages and disadvantages of all the patient ID choices. Misidentifying patients is a serious problem, and we need to address it by working together to find the best solution while helping to safeguard patient privacy.