January 29, 2012

January 29, 2012
Should Every Patient Have a Unique ID
Number for All Medical Records?

Welcome to another day in my life. Today is Sunday and I hope you have had a safe and great weekend so far. It has been another busy one for Dab the AIDS Bear and me.

We all have heard about breaches in security on company websites. But what if it happened at your hospital or doctor office? How would you feel about your medical information being compromised?

As the U.S. invests billions of dollars to convert from paper based medical records to electronic ones, has the time come to offer everyone a unique health care identification number?

Proponents say universal patient identifiers, or UPIs, deserve a serious look because they are the most efficient way to connect patients to their medical data. They say UPIs not only facilitate information sharing among doctors and guard against needless medical errors, but may also offer a safety advantage in that health records would never again need to be stored alongside financial data like Social Security numbers. UPIs, they say, would both improve care and lower costs.

Privacy activists are not buying it. They say that information from medical records already is routinely collected and sold for commercial gain without patient consent and that a health care ID system would only encourage more of the same. The result, they say, will be more patients losing trust in the system and hiding things from their doctors, resulting in a deterioration in care. They agree that it is crucial to move medical records into the digital age. But they say it can be done without resorting to universal health IDs.

Yes: It Means Better Care

The U.S. health care industry has an identity crisis.

Lacking an easy, uniform way to identify patients and link them to their health data, doctors, hospitals, pharmacies, insurance plans and others throughout health care have created a sea of unrelated patient identity numbers that are bogging down our medical records system.

Indeed, in an age when it is possible to pay for a cup of coffee using a cellphone, transferring a single patient's medical data from one health provider to another is often a struggle, sometimes resulting in treatment delays and even needless medical errors.

That is why, as the nation invests billions of dollars to convert from paper based medical records to an electronic system, the time has come to offer everyone a universal patient identifier, or UPI.

A UPI system, using one number that seamlessly connects a person to all of his or her records, could be the safest and most efficient way to manage health care data. It would guard against misidentification and make it much easier to pull together a patient's records from disparate providers. Using today's best technologies and practices, UPIs could help dramatically improve the quality of health care, lower costs, accelerate medical discovery and better preserve privacy.

That last point is by far the most contentious. It was privacy advocates who stopped the move toward UPIs more than a decade ago, leading to a ban on the use of federal funds just to study this approach. Enough has changed that UPIs deserve another look.

Cases of Mistaken Identity

In the 2010 federal health care law, substantial resources are dedicated to promoting technology in medicine. We are investing billions of dollars to convert from paper to electronic health records, and to connect health information hubs across the nation.

UPIs could make such systems more efficient. Currently, health care providers and administrators struggle daily to match patients to records organized by disparate systems that rely on names, addresses, birth dates and sometimes Social Security numbers. Names can be presented in numerous formats, leading to duplicative records that cost money and lead to errors. As our population grows, the number of people with the same name and other similar personal data multiplies. Research cited by RAND Corp. indicates patients are misidentified at a rate of about 7% to more than 10% during record searches. As databases grow, the problem will only worsen. UPIs can correct this situation.

What about data security? It is difficult especially without being able to study UPIs to know what the safest approach is. Admittedly, no IT system is immune to breaches.

That said, patients with UPIs hold a distinct and important advantage in that their medical information is compiled and stored according to that unique identifier, separate from financial data typically coveted by thieves. UPIs can even be set up so that patients could choose to have no identifying data in their record, making it completely anonymous

UPIs can be created with built in checks against typing errors and counterfeiting, and if a UPI is compromised, patients can retire it and obtain a new one. Without a UPI, one can only regain medical privacy by changing one's identity, not dissimilar from participation in a witness protection program!

Could the UPI be co-opted, the way the Social Security number has been, and used for other things? That's something we must guard against. By establishing a system where patients request the number through their doctor's office, and from a third party, not the government, we can help keep the UPI associated with medical data only.

Gaining Patients' Trust

Critics contend that UPIs will only make it easier for companies and others to use medical data for commercial purposes. To protect against this, they say, we need a system where physicians have to ask patients for permission to access their information. Because there has been so little study of UPIs, it is difficult to say whether those fears are valid. But having patients decide which doctor gets which data is the wrong choice. Doctors need full access to all of a patient's data, so they can deliver the appropriate care. That is the essence of the doctor-patient covenant. Furthermore, in critical care situations, the patient might be unconscious and, therefore, unable to grant access to essential health information.

While narrowing access is not optimal for patient care, new UPI technology does make it possible. For example, one type of UPI could be used for patients who want all of their physicians to have broad access to their medical data, while another would indicate the patient must first authorize access. Patients get to choose.

Even with all these protections, not every person will trust the system. Studies show that many people already refuse testing and treatment because they are worried it could be used to discriminate against them. UPI critics say a universal health care ID system will only undermine trust further, but I would argue the opposite is true. Problems related to misidentifying patients and accessing their health information in a timely manner have eroded trust in the current low tech system, which is why we need a new approach. Building an efficient records system that is more secure and offers better coordinated care can only enhance trust between patients and providers.

Congress should lift the ban on federal funding for UPI research, and we should better inform patients about the benefits of UPIs. No one wants medical data to fall into the wrong hands, but neither do we want patients to suffer because their medical information cannot be accessed.

Hope you have a great Sunday!

Until we meet again; here's wishing you health, hope, happiness and just enough.

big bear hug,

Daddy Dab