Readers Write: Achieving True Interoperability Transparency May Depend on Adopting a National Patient Identifier System
Achieving True Interoperability Transparency May Depend on Adopting a National Patient Identifier System
By Kevin Hutchinson
Kevin Hutchinson is CEO of Apervita of Chicago, IL.
Let me say one thing right out the gate: I am typically not a fan of forcing industry-wide uniformity via burdensome and overly instructive government mandates. However, sometimes there’s too much at stake in healthcare and the private sector just can’t agree on standards on their own. So was the case with e-prescribing over 15 years ago, and so is the case now with interoperability.
When I was founding CEO for Surescripts and before I was a member of the inaugural ONC-created National Health Information Technology Standards Committee, it was hard to get stakeholders to agree on standards, as the EHR industry was generally slow to adopt anything. However, after we created the initial standards for e-prescribing via the National Council for Prescription Drug Programs (NCPDP), set firm deadlines, and CMS tied e-prescribing to MIPPA incentives, the different factions within the healthcare industry (all of whom had different agendas) came together and abided by a system that largely still works today.
So it makes sense for CMS and ONC to impose strict mandates and timelines — albeit with some COVID-caused relaxation — for interoperability compliance, because the fragmentation of health records is as dangerous as it has ever been to patients. But while each deadline moves us closer to a more integrated and transparent system, it’s not until the payer-to-payer interoperability deadline in January 2022 where we’ll finally be in our best position to eliminate costly problems created by siloed health data. We may finally see some health record consolidation.
However, like all kinds of sweeping reforms, the devil is in the details. I believe that it might not be as “successful” as we expect it to be unless the federal government steps up and mandates a national patient identifier (NPI) system.
Just because one’s health insurer is sharing data with their previous insurer doesn’t ensure a holistic record. It’s not outlandish to think that any American could have up to 10 different health insurers over their lifetime, especially given rising health costs, socioeconomic inequities, and an increasingly volatile job landscape. That’s 10 different organizations with 10 different technology infrastructures, data protocols, and health IT standards. Not to mention the complexity of a patient’s health record strewn across multiple EHR systems, that change over time, as well as patients changing doctors creating new patient chart IDs and no standardized format for those patient chart IDs.
Who is responsible for making sure IDs match up? Who is responsible for identifying potential health record duplication errors? These are small data nuances that can have life-or-death consequences.
I can tell you first hand that even after national standardization, there have been instances in e-prescribing when records for John Doe I were assumed to be a part of John Doe II’s record, which could have resulted in life-threatening medical errors if not caught and corrected. NPIs would make life easier and safer for patients, payers, and providers, but yet they still aren’t part of the interoperability equation.
The NPI debate isn’t new. In fact, it’s been around for more than 20 years. But it seems like now we may actually be moving in the right direction. Late last year, representatives from many NPI-supporting organizations signed on to a letter urging Congress to take action, arguing, “The absence of a consistent approach to accurately identifying patients has also resulted in significant costs to hospitals, health systems, physician practices, long-term post-acute care (LTPAC) facilities, and other providers, as well as hindered efforts to facilitate health information exchange.” As a result, the House of Representatives voted to remove the ban on funding NPI organizations.
As for payers, some would likely argue that NPIs would help them as well. Many within the payer community think NPIs could improve member safety, reduce overutilization and fraud, and help them understand how members performed in previous payer’s quality-based programs.
However, NPI opponents will often counter with concerns over privacy and security, higher costs, and serious medical errors due to human error. The costs, they argue, would be incurred from building a new IT system from scratch while also having to align on policies and standards to govern it. To that argument, I would just remind critics that there have already been huge costs incurred because we haven’t achieved full interoperability yet, and then ask them to imagine the wasted money if all current mandates and compliance initiatives ended up not solving the core problems.
As for the medical errors argument, fragmented health records are much more dangerous. Again, I don’t think we can be as successful with interoperability without an NPI system.
But it’s that last and most prevalent argument on privacy and security that makes me raise an eyebrow. We constantly hear that we can’t have NPIs because if the number is compromised, the patient’s entire health record would be accessible in one location. That argument falls a bit flat for me. There are already medical record numbers on pretty much everything. In today’s interoperability world, we use easily accessible patient information (names, address, gender, dates of birth, etc.) to create a universal patient ID and match disparate patient information the best we can.
The whole argument on NPIs should really be fought on the cybersecurity front. Why not implement data encryption standards that lock data down to the field level, so that each piece of information in an NPI record is its own walled garden? We’ve already seen the mistakes made by other consumer industries such as banking, which many have responded with increasingly deep levels of data encryption. It’s completely logical and viable for the healthcare industry to implement the same level of security available in other industries to ensure our sacrosanct health information is protected. If we did, then that would be good for all and put an end to the security debate on NPIs.