Imagine an identification number containing every iota of your health data – documenting every disease and ailment you’ve been treated for, every doctor you’ve seen – a number unique only to you. With such holistic data, the implications for improving patient care and reducing inefficiencies appear enormous.
Now imagine your personal health data peddled to pharmaceutical behemoths, research corporations and third-party miners, a place where you, in fact, are not in control of your own information. All of a sudden, things appear differently.
The idea of unique patient identifiers is not a concept extracted from the next dystopian novel. It could very well be reality in the not-so-distant future. The question remaining, however, is whether or not the benefits of such technology outweigh constitutional privacy and patient trust concerns. Naturally, depending on whom you ask, the answer varies considerably.
When the Health Insurance Portability and Accountability Act was signed into law in 1996, it originally mandated that all Americans be issued a UPI based on the potential benefits they could bring to patient care. After a series of federal hearings in 1998, however, the language was revised due to certain public opposition, and subsequently put forth that federal money could no longer be used to fund a national UPI system.
Despite the current standstill at the federal level, however, efforts to implement UPIs are very much moving forward, says Barry Hieb, MD, chief scientist at Global Patient Identifiers, a healthcare nonprofit organization that sponsors a voluntary universal healthcare identifier system. In fact, the organization he represents has developed a UPI solution and is within a week of signing its first contract with a partner.
Hieb points to the case of Houston’s enterprise master patient index system, a database of some 3.5 million patients. He says in that database alone, there exists nearly 250,000 patients with the same first and last name and 70,000 instances where two people share the same first name, last name and birthdate. “What that means is that the EMPI matching algorithm really can’t do a good job because there’s just a lot of uncertainty.”
And, as Hieb has witnessed, that uncertainty can have serious consequences for patient care. First, it can lead to a false negative, which occurs when two records ought to be merged as they are on the same patient, but due to a mistype, they exist as two separate records. This, he says, could lead to the loss of certain lab test results. "In the very least, it’s a delay."
What’s more dangerous, he adds, are the false positives, which occur when two patient records are merged, and one patient gets treated for another patient’s disease, a mistake that can often prove fatal.
"The problem is that now as we’re moving to regional and statewide and even national information exchange on patients, now, we’ve got to get really serious about accurate patient identification."
Hieb cites a 2008 RAND study that made the case for UPIs, concluding that identifiers are “clearly desirable for reducing errors, simplifying interoperability
, increasing efficiency, improving patient confidence, promoting NHIN
architectural flexibility and protecting patient privacy.”
Study researchers estimated the one-time cost of such system at between $1.5 billion to $11.1 billion, but could represent a total $77 billion per year in cost savings.
Many readers, however, point out that the study was funded by corporate health IT giants including Cerner
, CPSI, IBM, Microsoft, Oracle and Siemens.
Moreover, opponents of UPIs opine that the supposed clinical and financial benefits of such technology are far inferior to that of the harm they can precipitate for physician-patient trust and individual privacy rights.
Deborah Peel, MD, founder of Patient Privacy Rights, and a fierce opponent of UPIs, writes in a Jan. 23 Wall Street Journal article
, "In the end, cutting out the patient will mean the erosion of patient trust. And the less we trust the system, the more patients will put health and life at risk to protect their privacy."
Peel points to the present reality of patient health information – genetic tests, claims data and prescription records – already being sold and commercialized. "Universal healthcare IDs would only exacerbate such practices," she avers.
While Hieb agrees that patient privacy concerns exist with UPIs – and admits these concerns need to be addressed – he argues that identifiers, if done properly, can actually enhance patient privacy.
"One of the fallacies out there is this idea that you have to choose either information exchange or privacy," he says. "Right now, your name and your address and your phone number are being sent all over the place just to try and track different data and make sure it stays attached to you. We say that’s putting your identity at risk."
Deven McGraw, director of Health Privacy Project at the Center for Democracy and Technology, says the concept of UPIs may sound appealing in theory, but when examined more closely, serious privacy concerns do, in fact, exist.
"The privacy issues around identifiers is when those identifiers are used for purposes beyond what they were originally intended," she says.
In McGraw’s view, it’s a guarantee that these identifiers would ultimately be used for other purposes. She cites the example of the Social Security number, which was originally intended for the single purpose of linking to one’s social security account. Now, Social Security numbers are used for multiple identification purposes. And so it will go with UPIs.
"I think commitments or the notion that we can have a unique identifier that would be assigned to people that would only be used in health is a little disingenuous," she says. "Once that horse is out of the barn, the ability to control subsequent uses of it is out the window."
McGraw agrees that a set of solutions to improve data matching is necessary, but argues against UPIs as being the best answer. "The evidence is pretty clear that having an additional data field does help," she says, "But it’s not a panacea." A UPI is no less likely to be entered incorrectly than one’s address, she adds.
A more sagacious solution, in McGraw’s eyes, is first and foremost to clean up and standardize data, and perhaps eventually explore voluntary identifiers, meaning that physicians would have to request a patient’s consent before accessing the information.
Others disagree. "Having patients decide which doctor gets which data is the wrong choice," writes Michael Collins, MD, University of Massachusetts Medical School Chancellor, in the Jan. 23 Wall Street Journal article
. "Doctors need full access to all of a patient's data, so they can deliver the appropriate care. That is the essence of the doctor-patient covenant.”
Hieb says that, although he’s an advocate of UPIs, the patients should have the final word. "If the patient decides, 'Yeah, I’m willing to sell my data to this drug company so they can do this research,' the patient’s data should be anonymous," meaning patient names, addresses, phone numbers and other linked data should be erased."
Ultimately, however, whether the concept of UPIs borders the dystopian domain of Aldous Huxley or, in another view, approaches something like Thomas More’s Utopia, both sides argue that appearances can be deceiving – rendering it unlikely that the debate will resolve itself any time soon.