Giving a patient medications in the ER, having them pop positive on a test, and then withholding further medications because…
Readers Write: Achieving True Interoperability Transparency May Depend on Adopting a National Patient Identifier System
Achieving True Interoperability Transparency May Depend on Adopting a National Patient Identifier System
By Kevin Hutchinson
Kevin Hutchinson is CEO of Apervita of Chicago, IL.
Let me say one thing right out the gate: I am typically not a fan of forcing industry-wide uniformity via burdensome and overly instructive government mandates. However, sometimes there’s too much at stake in healthcare and the private sector just can’t agree on standards on their own. So was the case with e-prescribing over 15 years ago, and so is the case now with interoperability.
When I was founding CEO for Surescripts and before I was a member of the inaugural ONC-created National Health Information Technology Standards Committee, it was hard to get stakeholders to agree on standards, as the EHR industry was generally slow to adopt anything. However, after we created the initial standards for e-prescribing via the National Council for Prescription Drug Programs (NCPDP), set firm deadlines, and CMS tied e-prescribing to MIPPA incentives, the different factions within the healthcare industry (all of whom had different agendas) came together and abided by a system that largely still works today.
So it makes sense for CMS and ONC to impose strict mandates and timelines — albeit with some COVID-caused relaxation — for interoperability compliance, because the fragmentation of health records is as dangerous as it has ever been to patients. But while each deadline moves us closer to a more integrated and transparent system, it’s not until the payer-to-payer interoperability deadline in January 2022 where we’ll finally be in our best position to eliminate costly problems created by siloed health data. We may finally see some health record consolidation.
However, like all kinds of sweeping reforms, the devil is in the details. I believe that it might not be as “successful” as we expect it to be unless the federal government steps up and mandates a national patient identifier (NPI) system.
Just because one’s health insurer is sharing data with their previous insurer doesn’t ensure a holistic record. It’s not outlandish to think that any American could have up to 10 different health insurers over their lifetime, especially given rising health costs, socioeconomic inequities, and an increasingly volatile job landscape. That’s 10 different organizations with 10 different technology infrastructures, data protocols, and health IT standards. Not to mention the complexity of a patient’s health record strewn across multiple EHR systems, that change over time, as well as patients changing doctors creating new patient chart IDs and no standardized format for those patient chart IDs.
Who is responsible for making sure IDs match up? Who is responsible for identifying potential health record duplication errors? These are small data nuances that can have life-or-death consequences.
I can tell you first hand that even after national standardization, there have been instances in e-prescribing when records for John Doe I were assumed to be a part of John Doe II’s record, which could have resulted in life-threatening medical errors if not caught and corrected. NPIs would make life easier and safer for patients, payers, and providers, but yet they still aren’t part of the interoperability equation.
The NPI debate isn’t new. In fact, it’s been around for more than 20 years. But it seems like now we may actually be moving in the right direction. Late last year, representatives from many NPI-supporting organizations signed on to a letter urging Congress to take action, arguing, “The absence of a consistent approach to accurately identifying patients has also resulted in significant costs to hospitals, health systems, physician practices, long-term post-acute care (LTPAC) facilities, and other providers, as well as hindered efforts to facilitate health information exchange.” As a result, the House of Representatives voted to remove the ban on funding NPI organizations.
As for payers, some would likely argue that NPIs would help them as well. Many within the payer community think NPIs could improve member safety, reduce overutilization and fraud, and help them understand how members performed in previous payer’s quality-based programs.
However, NPI opponents will often counter with concerns over privacy and security, higher costs, and serious medical errors due to human error. The costs, they argue, would be incurred from building a new IT system from scratch while also having to align on policies and standards to govern it. To that argument, I would just remind critics that there have already been huge costs incurred because we haven’t achieved full interoperability yet, and then ask them to imagine the wasted money if all current mandates and compliance initiatives ended up not solving the core problems.
As for the medical errors argument, fragmented health records are much more dangerous. Again, I don’t think we can be as successful with interoperability without an NPI system.
But it’s that last and most prevalent argument on privacy and security that makes me raise an eyebrow. We constantly hear that we can’t have NPIs because if the number is compromised, the patient’s entire health record would be accessible in one location. That argument falls a bit flat for me. There are already medical record numbers on pretty much everything. In today’s interoperability world, we use easily accessible patient information (names, address, gender, dates of birth, etc.) to create a universal patient ID and match disparate patient information the best we can.
The whole argument on NPIs should really be fought on the cybersecurity front. Why not implement data encryption standards that lock data down to the field level, so that each piece of information in an NPI record is its own walled garden? We’ve already seen the mistakes made by other consumer industries such as banking, which many have responded with increasingly deep levels of data encryption. It’s completely logical and viable for the healthcare industry to implement the same level of security available in other industries to ensure our sacrosanct health information is protected. If we did, then that would be good for all and put an end to the security debate on NPIs.
An NPI is such an obvious need that it’s a shame we have debated it for these 20 years. Thanks, Kevin, for continuing the fight.
Back in the 80s when we were collecting inpatient data on 1/2 inch tape we were able to use the SSN. Any new NPI will end up being abused. We do not need a new NPI, we need to bombproof the one we currently have.
Not everyone has or even needs a SSN. SSNs are tied to financial records and gov’t benefits. They were never designed to be used as identifiers for everything else. As a victim of ID theft, I can only imagine what will be done with NPIs – fraudsters WILL try to use them to get care under others’ names and insurances to avoid paying high deductibles or going into debt themselves. The NPI needs to be separate and there needs to be a way for patients to dispute records associated with them like we can do with our credit reports.
I do not advocate against the idea of a National Patient Identifier however it’s not clear to me how an NPI will improve patient medical matching rates beyond our current environment. The challenges around having to match an actual person with disparate records will not go away with an NPI. Take for instance the case where an NPI is not keyed correctly or where one individual is incorrectly linked to another individual’s NPI. Keying errors, typos, birthday mismatches, name mismatches will remain to the point where an NPI will be seen as one additional data point to be used for matching.
What is required is a combination of technology and process to ensure high match rates across an ecosystem of healthcare organizations where data is stored within disparate systems of care. Investment in technology would presumably include the deployment of strong probabilistic and deterministic matching algorithms in combination with outside data to supplement the matching processes. Additionally, investment in data governance policies across organizations will ensure consistency. Outside of this the advent of an NPI will be viewed as one more data point in the matching process and without the proper technology and governing processes will be subject to failure.
Oh, I don’t think the mistype is a problem. Yes, for every field that is manually entered, there is a 40% chance that the field will be mistyped, (butterfingered). However, cards are easy, and bar code technology is quite stable.
Swipe or let the clinic “laser” (gratuitous Austin Powers reference) the code. Hell, some tech (QR code) could lead to a block chain reference that would allow for your entire record to be downloaded, reconciled, and incorporated.
Security & privacy concerns aside. It could be done with the current tech.
Okay, my dream is aspirational.
It could also be a federated national ID. Each state has an unique ID and identity database. If you are receiving care in X state, your provider queries X state system for matching info based on your ID. Recognizing your ID is from a separate state, your state queries the other states database through a federal broker. The feds don’t see the data, just the ID and a random sample of enough of the query to make sure everybody is following the rules. Data updates are propagated only to those states that have queried for the ID before. If you don’t leave your state, the feds never see your ID or any query info for you. System is bootstrapped based on voting/drivers Id cards. Verification and resolution of identity info takes place at the resident’s state level. Federal block grants conditional on the performance of the states identity system. Health providers keep their own records clean as they are already supposed to.
Two responses:
1. You can’t have an NPI without changing the 1996 HIPAA law. It forbids DHSS from doing anything like that. And considering we have a strong minority of people who won’t even wear a mask in this COVID19 world under the auspices of ‘freedom’, good luck with getting a ‘privacy’ law changed.
2. Once upon a time I believed as you propose. But over the last decade I had to change hospitals, primary and specialist doctors and am convinced few if any docs or nurses read previous medical records. For example with my last doc change weeks before my initial visit, I offered to give them a thumb drive of my EMR. Answer.’sorry we can’t accept that’. ‘Ok’, I said here is a printout of it. They put it in the back of my new chart. Then on my first visit every nurse and MD I saw asked me the same questions about my health history, family history, meds,etc.
And when a lab test came back a touch outside normal the doc wanted to send me to another specialist and run even more procedures. I pointed out to him that in my past history (as noted in my ‘old’ EMR) that that particular test value has not changed in years…he said “oh, guess we can scratch that workup”.
My conclusion: either previous medical records have little or no value, in which case a ‘summary’ one or two page record may be enough, or practitioners are too lazy to read all that data, in which case I go back to my first recommendation.
Right there is no business case for interoperability. Your provider bills extra for a new patient visit. They have to justify that somehow. Also that unnecessary test makes him a few extra bucks. The gov has to force businesses hand to do the right thing. Because business controls all of one party and most of the other, it won’t happen.
Your first thought in your conclusion is, what I believe, the correct one.
The interoperability problem is as Kevin identified, but a significant part of that is also the fact that the solutions do not interpret the data the same way; by schema, domain, structure, dictionary, enumeration, workflow, etc.
So in handing your ‘thumb drive’ over to them they have no way to bring that data into their system. Unless, it is the same system, configured the same way, with the same dictionaries, and, and, and…
Kevin is calling out a real problem here. You, are providing an example of the manifestation of that problem
As far as changing the laws; well to quote a Nobel Poetry Laurette, “Times, they are a-changin”.
Thank you for sharing your experience. It is consistent with both my research and experience.
Thank you for this article. CHIME is co-founder of the Patient ID Now Coalition (https://patientidnow.org/). The Coalition is working hard to remove this ban. Contact me at policy@chimecentral.org to join the Coalition’s efforts or for more information.
Opposition to a national identifier is deeply rooted in the American psyche. It might be easier to amend the constitution to eliminate the electoral college than to get a national ID.
To be technically feasible a national ID would need to be provided at birth and be (unlike SSN) unique and immutable. Countries in Europe have had systems for this for many years and they work well. In Sweden the “personnummer” is assigned at birth and used everywhere.
Kevin,
Thanks for resurfacing this issue that was front and center at one-time before MU and the HiTech acts were passed in 2009. I recall that many leaders, including Neal Patterson were very focal to congress about the importance of an NPI to enable the success of MU and HiTech. Groups like the ACLU attacked the premise of NPI as violating a persons right to privacy (irregardless of the benefits of treating a person more holistically within the full context of a person’s medical history). There are a lot of nefarious players out there both out in the open and behind the curtain that will take advantage of the access to patient data today and through the opening up of access through interoperability rules. I disdain the practice of health insurance companies using such data to skim the healthiest of patients and find excuses of why others will not be accepted or will receive a super premium in order to be covered. I have personally experienced this practice as a sole proprietor. All this said, I do believe that the greater good can be found within the safe and regulated use of an NPI.
We at Global Patient Identifiers applaud Kevin’s efforts to bring this topic into focus. An NPI is a complex challenge and there are many issues that must be addressed, some of which have been mentioned in this thread. However, the most important reason these issues must be addressed is patient safety. Misidentification accounts for far too many non-optimal treatments and deaths. We have been analyzing this problem for many years and are ready to contribute fully to the discussion.
Kevin,
NPi is not a good acronym. Not everyone who needs one is a patient. Also, it can be confused with the National Provider Identifier. Something like consumer health identifier (CHI) or Global Health Identifier (GHI) might be better.
I’ve studied this problem in depth when I was an exec at UnitedHealth Group. Payers have an error rate in identifying members at a rate of ~1%. To them, that is a rounding error and can be corrected if noticed/caught. That error rate in clinical practice is intolerable, yet exists there too. It’s a major safety issue.
The Global Patient Identifier, mentioned by Rob Macmillan above is a very robust and, in my opinion, the best solution. It is analogous to credit cards. It requires a trusted entity who knows where Global Health Identifier (GHI) are issued but not the person associated with the GHI. The person carries the card with the GHI and their name. Like credit cards, the user may have more than one which allows them to segregate their data (e.g., one for general use and another for psychiatric care). If there is a brake-the-glass or data breech scenario, the GHI is canceled and a new number issued (just like your credit card).
The government will NOT take this on because of prior lobbying, restrictive legislation and lack of will. But Congress left the door open for industry to solve the problem. The industry was also part of the problem with data blocking and proprietary concerns that produced resistance to sharing data. With the recent progress in democratizing data, the industry can now move forward with GHI. I like the credit card model.
Dave