Tuesday, October 28, 2008

Unique Patient Identifiers – Well Worth the Effort it Seems!

The RAND Corporation released an important Report this week.

Creating Unique Health ID Numbers Would Facilitate Improved Health Care Quality and Efficiency

Creating a unique patient identification number for every person in the United States would facilitate a reduction in medical errors, simplify the use of electronic medical records, increase overall efficiency and help protect patient privacy, according to a new RAND Corporation study.

Although creating such an identification system could cost as much as $11 billion, the effort would likely return even more in benefits to the nation's health care system, according to researchers from RAND Health.

"Establishing a system of unique patient identification numbers would help the nation to enjoy the full benefits of electronic medical records and improve the quality of medical care," said Richard Hillestad, the study's lead author and a senior principal researcher at RAND, a nonprofit research organization. "The alternative is to rely on a system that produces too many errors and puts patients' privacy at risk."

Federal legislation passed over a decade ago supported the creation of a unique patient identifier system, but privacy and security concerns have stalled efforts to put the proposal into use.

As adoption of health information technology expands nationally and more patient records are computerized, there have been increasing calls to create a system that would make it easier to retrieve records across varying systems such as those used by doctors and hospitals.

RAND researchers examined the costs of creating a unique patient identification system, compared the error rates of such a system and its alternatives, and examined the operational advances and disadvantages of the technology.

The RAND study concluded that one of the primary benefits created by broad adoption of unique patient identifiers would be to eliminate record errors, and help reduce repetitive and unneeded care.

In the absence of unique patient identifiers, most health systems use a technique known as statistical matching that retrieves a patient's medical record by searching for attributes such as name, birth date, address, gender, medical record numbers, and all or part of a person's Social Security Number.

Reviewing past research studies, RAND researchers estimated that statistical matching returns incomplete medical records about 8 percent of the time and exposes patients to privacy risks because a large amount of personal information is exposed to computer systems during a search.

The study also concluded that many of the privacy concerns related to a unique patient identification system could be addressed through the creation and enforcement of laws that severely punish those who misuse information retrieved with a health ID number.

"Our research suggests that it's easier to safeguard patient privacy with a records system that makes use of a unique health ID rather than a system that uses statistical matching," Hillestad said.

One way to deal with privacy concerns might be to allow to people to voluntarily enroll in a unique patient identification system, researchers say. Such an approach would allow a unique health identifier system to demonstrate that it can be used without compromising patient privacy and can be more accurate than current statistical matching systems.

Some proposals have suggested using patients' Social Security Numbers as a medical identifier. But the RAND study found Social Security Numbers are a poor option because they are so widely used and they pose risks of identity theft.

A genuine unique patient identification system would be more secure because it could include safeguards such as check codes that allow numbers to be easily screened for input errors. Such check codes are mathematical combinations of the other digits in the number and are commonly used in other digital IDs such as those in the product bar codes scanned at checkout counters.

Support for the study was provided by a consortium of health information technology companies. They include Cerner Corporation, CPSI, Intel, IBM, Microsoft, MISYS, Oracle and Siemens.

The study, "Identity Crisis: An Examination of the Costs and Benefits of a Unique Patient Identifier for the U.S. Health Care System," is available at www.rand.org. Other authors of the report are James H. Bigelow, Basit Chaudhry, Paul Dreyer, Michael D. Greenberg, Robin C. Meili, M. Susan Ridgely, Jeff Rothenberg and Roger Taylor.

RAND Health, a division of the RAND Corporation, is the nation's largest independent health policy research program, with a broad research portfolio that focuses on quality, costs and health services delivery, among other topics.

Learn More

The RAND Corporation is a nonprofit research organization providing objective analysis and effective solutions that address the challenges facing the public and private sectors around the world.

----- End Release

The release is found here:

http://www.rand.org/news/press/2008/10/20/

Note: The report was sponsored by the following companies:

Cerner Corporation, CPSI, Intel, IBM, Microsoft, MISYS, Oracle, and Siemens.

The financial implications are pretty big!

“A one-time cost of $1.5 to $11.1 billion for a UPI, to remove the systemic errors in health-records retrieval, is small by comparison with the value a potential efficiency savings of $77 billion per year at the 90-percent level of adoption (with additional safety and health values that could double these benefits) that previous studies estimated for connected Electronic Health Record (EHR) systems.”

See the following site:

http://www.rand.org/pubs/monographs/MG753/

There has been a lot of coverage of the report. The LA Times is typical.

Your own health ID number

3:57 PM, October 20, 2008

It's been a decade since federal legislation called for the creation of a unique patient identifier -- a number carried by each American linking patients to their individual health records -- but concerns about privacy and security, reported way back in the July 21, 1998, Los Angeles Times, have stalled efforts to put the proposal into use.

Concerns still exist, but it may be an idea whose time has come, according to a Rand Corp. study released online today. It turns out that the compromise fashioned to adhere to the 1996 Health Insurance Portability and Accountability Act mandating the creation of a system to accurately identify patients has resulted in a system in which privacy is at risk, while not doing enough to prevent errors.

Short of a new system with a new number for everyone, most hospitals and health systems instead rely on what's called statistical matching, based on multiple personal attributes, such as name, address, birth date, gender and Social Security number, to accurately match a given patient with his or her MRI results, blood records or medical history.

That's why, when you call your insurance company, the representative might think nothing of asking, "What's your soch?" -- translation: social security number. The statistical matching system now in use is more likely than a new unique patient identifier system to result in errors, repetitive tests and unnecessary care. Rand researchers, led by senior principal researcher Richard Hillestad, found that the system now in place returns incomplete medical records about 8% of the time and exposes patients to privacy risks because of the large amount of personal information needed to do a search.

More here:

http://latimesblogs.latimes.com/booster_shots/2008/10/your-own-health.html

If confirmation was needed then here we have it! Investment in a national health identifier is clearly a sensible thing to do and NEHTA needs to get on with it – while ensuring the privacy and security issues are solved through relevant legislative and management process actions.

David

4 comments:

  1. You say NEHTA needs to get on with developing a National Health Identifier.

    Just a sec - isn't Medicare Australia doing the development in partnership with NEHTA?

    I thought NEHTA was going to specify what is needed, then in some fuzzy kind of project management capacity subcontract the job out to Medicare Australia to undertake system development and implementation. Correct?

    I also thought some of NEHTA's funds had been earmarked and transferred across to Medicare Australia about 12 months or so ago for that purpose. Correct?

    Please correct the above if (or where) it is incorrect. And could you please let us know WHO has the responsibility for this project.

    Is it DoHA? Is it Medicare Australia? Is it NeHTA? or Is it a combination of two or more sharing the responsibility and the accountability so no-one can be identified when nothing much happens?

    ReplyDelete
  2. My understanding is that NEHTA has contracted MA to deliver the identification systems on their behalf.

    David

    ReplyDelete
  3. So that means Medicare Australia needs to get on with it. What information is avaialable that tells us where they are up to?

    ReplyDelete
  4. NEHTA makes an easy target for all the pessimistic comments by people who wish to turn a blind eye as to who is actually doing the development and changing direction/requirements.

    ReplyDelete