While there is merit to both sides of the privacy argument there is no longer any argument that could withstand scrutiny against a universal way to identify individuals longitudinal health information and to make that data available both in a de-identified fashion for global population health management efforts and an identified fashion for routine and emergent health services. This academic work will make arguments for the Universal Unique Patient Information Identifier UUPII from technology integration, financial implications, patient safety and legal perspectives supporting a combination of techniques that will provide scalability and flexibility that other national systems such as the Social Security Number could achieve. The bulk of the arguments will focus on the Risk, Compliance, and regulatory perspectives that support the rational for a safe, secure and private universal unique patient information identifier.
Universal Unique Patient Information Identifier UUPII
1. Frank Titus Avignone IV
Submitted in fulfillment of the requirements for the
degree of
Masters of Jurisprudence in Health Law and Policy
Loyola University of Chicago
School of Law
May 2013
2. 2
Introduction
Unique Patient Identifier “Case On Point”
Current Challenges
ARRA & HIT Funding
Privacy and Regulation
HIPAA
Alternatives to UPI
Universal Unique Patient Information Identifier
Summary & Conclusion
3. Cancer patient has surgery and some time later it is
discovered that they were assigned a different patient’s
Medical Record Number (MRN). The MRN actually
belonged to a transplant patient with the same first and
last name and same middle initial. Thus the Transplant
patient’s history, medications, allergies, were in cancer
surgery patient’s electronic record. New documentation
on the surgical cancer patient was being entered into
the transplant patients medical record. The surgical
patient’s history, allergies, etc. were under his
established MRN
The Case On Point
Introduction
4. Two Types of Patient Information Errors
Duplicate Medical Record
Numbers
Two different persons
sharing one Medical
Record Number
Introduction
5. Duplicate Medical Record Number
Patient has two medical record
numbers: important clinical
information is in different
places; new MRN will be
missing medication history,
allergies, radiology results,
etc. etc. from previous visits
and admissions
Introduction
6. Two people erroneously sharing a single MRN
This causes the blending of one patient’s lab and
radiology history, medical history, with another patient’s
allergies, wrong medication history
Selecting the Wrong Established MRN
Introduction
9. History
• 1996, HIPAA mandated a Unique Individual Identifier for
health care purposes
• Due to concerns about privacy, 1999 Omnibus
Appropriations Act prohibited funds to “promulgate or
adopt any final standard”... until legislation is enacted
specifically approving standard.“
• Congress has placed a clear mandate on health care
community for adoption of EHRs & HIE capability
• A uniform strategy to match patients with their records is
essential
History
11. Need for Unique Patient Identifier
• Frequent mismatch between patients &
clinical data a serious & growing patient
safety issue.
• 2008 Rand study: 8-14% of health records
have patient-data mismatch.
• Preventing & correcting mismatches a
huge cost-driver
• W/O one standard: different solutions
being adopted & built into health
information infrastructure.
Need
12. • Absence of patient-data matching strategy:
– Duplicate records
– Incomplete and fragmented information
– Billing problems
– Increased fraud and abuse
– Security problems
– Quality of care issues
• Patient-data matching strategy essential:
– To reaching full benefits of HIT
– Ensuring patient safety and privacy
– Enhance patient privacy, security, and safety
Need for Unique Patient Identifier
Need
13. • In the enterprise, computer systems
don’t talk to one another
• Islands of data isolated in
departments and systems
• Integrating disparate systems is costly
and difficult
• Mandatory compliance with standards
like HIPAA requires coordination
Source: Integrating the Healthcare Enterprise (IHE)
Need for Unique Patient Identifier
Need
16. 16
Costs basis
• Cost of one integration
– Simple = $32K
– Medium = $95K
– Complex = $190K
Hypothesis
• 1,126 Hospital networks,
• each includes Avg. 71 systems
• 44 points of integration
• 1,892 (44 x 43) integrations per
network totalling 2.1 M (1,126 x
1,892) Assuming existence of
standardized protocol for interfaces
• $68.172 M (if Simple – $32K)
• $202.316 M (if Medium – $95K)
We need a different approach
SYSTEMS TO CONNECT
SYSTEMS TO CONNECT
SYSTEMS TO CONNECT
Contracts
2
App 1Appl 1 App 1Appl 2
App 1 App 1
App 1App 1Appl 1 App 1Appl 2
6
App 1App 1Appl 3
Interfaces = N (N-1)
12
App 1 App 1App 1Appl 1 App 1App 1Appl 2
App 1 App 1App 1Appl 3 App 1App 1Appl 4
Information Architecture
Information Architecture
18. • Total $19.2 Billion for HIT
– $2 Billion for ONC
– $17.2 Billion for incentives through Medicare and
Medicaid Reimbursement systems
• Codifies ONC, HIT Standards Committee,
HIT Policy
• Provides grant and loan programs to assist
providers and consumers in adopting HIT
• Privacy and Security provisions in HIPAA for
electronic health info
Information Architecture Funding
Information Architecture Funding
19. • Give 70% of Americans an electronic
health record (EHR) within 5-10 years.
• Use Medicare to incentivize the adoption
of EHRs to improve quality, provide data
portability, and allow for performance
evaluation.
• Eventually penalize non-adopters by
reducing reimbursement.
• Some rural providers will also be eligible
for Medicaid incentives.
Information Architecture Funding
Information Architecture Funding
21. 4th Amendment (secure in their persons, houses, papers and
effects against unreasonable searches and seizures)
Fair Credit Reporting Act (1970)
Privacy Act (1974)
Family Educational Rights and Privacy Act (1974)
Right to Financial Privacy Act (1978)
Privacy Protection Act (1980)
Electronic Communications Privacy Act (1986)
Video Privacy Protection Act (1988)
Employee Polygraph Protection Act (1988)
Telephone Consumer Protection Act (1991)
Driver’s Privacy Protection Act (1994)
Telecommunications Act (1996)
Children’s Online Privacy Protection Act (1998)
Identity Theft and Assumption Deterrence Act (1998)
Gramm-Leach-Bliley Act (1999)
Privacy and Regulatory History
Privacy & Regulatory History
22. Most of the preceding laws protect
aspects of personal information (mostly
financial), but not Health Information
Inconsistent State laws exist for protection
of information regarding certain health
conditions -- HIV, Mental Illness, Cancer
Privacy and Regulatory History
Privacy & Regulatory History
23. • Health Insurance Portability and
Accountability Act of 1996
• Proposed by Sen. Edward Kennedy (D-MA)
and Nancy Kasselbaum (R-KS)
– Focused on issues involving
• obtaining new insurance at new job with pre-
existing conditions
• protection from fraud
• administrative simplification
– Electronic transmittal of data for billing purposes
– Privacy issues related to transmission of clinical data
Privacy and Regulatory History
Privacy & Regulatory History
24. HIPPA effective 1996
HITECH ACT interim final rule 2009 effective
2010
Refer to the original bill:
ARRA, H.R. 1
TITLE XIII: Health Information Technology.
Within the HITECH Act, the Privacy and
Security provisions are contained in: TITLE XII:
Health Information Technology, Subtitle D,
Privacy
Privacy and Regulatory History
Privacy & Regulatory History
25. Personal Health Information (PHI)
– Anything that can potentially identify an
individual
Name
Zip code of more than 3
digits
Dates (except year)
Telephone and fax
numbers
Email addresses
Social Security Numbers
Medical Record Numbers
Health Plan Numbers
License numbers
Privacy and Regulatory History
Notification
Consent
Authorization
Privacy & Regulatory History
26. • HITECH increased Privacy and
Security requirements
• Enforcement of requirements -
stronger
• Business Associates must
comply with same
requirements then Covered
Entities
• Security Provisions - stronger
and clarified
• Privacy Provisions - stronger
and clarified
Privacy and Regulatory History
Privacy & Regulatory History
• Overstates the ability
of informed consent to
protect privacy
• Fails to protect privacy
through security,
transparency, and
accountability
• Imposes burdensome
procedures that offer
little privacy protection
• ARRA provisions for
privacy
28. “The persistent campaign by members of congress such as Ron Paul (R-TX) who have successfully
introduced and passed legislation baring the use of federal funds under the Social Security Act (42
U.S.C. 1320d–2(b)) for the use of providing a unique health identifier for an individual other than that
assigned by the health plan or employer group”
Universal Unique Patient Information Identifier
1999 Public Law 105-277 prohibited HHS from using any of its
appropriated funds to promulgate or adopt any final standard
providing for, or providing for the assignment of, a unique health
identifier of an individual until legislation is enacted specifically
approving the standard. Therefore, HHS is constrained from
implementing a unique health identifier while this language is in
effect.
Universal Unique Patient Information Identifier
29. Probabilistic/fuzzy matching
Williams Alexander 21 M 4039 Walnut St
Box 490 Harrison Ct Philadelphia PA 19107 215231487
Williams Jason 26 M 3738 Wallace St Philadelphia PA 19107 2152548976
Williams Jesse 23 M 3609 Chestnut St Philadelphia PA 19107 2157984125
Williams Alberto 45 M 425 N 39th St Philadelphia PA 19107 2151348964
Williams Eric 48 M 724 40th St Philadelphia PA 19107 2155678941
Williams Matthew 65 M 2206 Walnut St Philadelphia PA 19107 2151479856
Williams Cathy 22 F 1100 Quaker Hill Philadelphia PA 19107 2151973846
Williams Jeremy 17 M 4218 Parkside Philadelphia PA 19107 2156485974
Williams Steve 2 M 1631 Scott St Phila PA 19107 2151597845
Williams Alexis 35 F 719 Woodlyn Dr Philadelphia PA 19107 2157899456
Williams Sandra 18 F 7711 Brous Ave Philadelphia PA 19107 2154654132
Williams Alex 21 M 4251 Walnut St Philadelphia PA 19107 2151234567
+10
+10
+10
+8
-3
-5
Total Score: 30
Total Score: 20
Universal Unique Patient Information Identifier
Universal Unique Patient Information Identifier
30. False Positives and Negatives Used in Patient Linking
The records in reality belong to:
Different
people
Same person
Result from
matching
Different
people
Correct result False negative
Same person False positive Correct result
Clinical
information
assigned to the
wrong patient
Clinical
information
not linked,
patient has
duplicate
records
Universal Unique Patient Information Identifier
Universal Unique Patient Information Identifier
31. • Value permanently
assigned to an
individual for
identification
purposes
• Unique across the
entire national
healthcare system
• Not shared with any
other individual
31
Universal Unique Patient Information Identifier
Universal Unique Patient Information Identifier
• Identification of an
individual
• Identification of
information
• Accurate identification
functions
• Reduce healthcare
operational cost and
enhance the health
status of the nation
National Committee on Vital and Health Statistics
32. • Index
– Organizational MPI
– Enterprise-wide MPI
– Registry MPI
• Information from
previous episodes of
care and different
sites of care
32
Universal Unique Patient Information Identifier
Universal Unique Patient Information Identifier
• Scope of access
– Within a single
organization
– Enterprise wide
access
– Nation wide
access
33. • Methodology should have an explicit framework
specifying linkages that violate patient privacy
• Facilitate the identification of parties that make
improper linkages
• Unidirectional – should facilitate helpful linkages
of health records but prevents identification of
patient from health records or the identifier
Universal Unique Patient Information Identifier
Universal Unique Patient Information Identifier
National Committee on Vital and Health Statistics
34. 34
Introduction
Unique Patient Identifier “Case In Point”
Current Challenges
ARRA & HIT Funding
Privacy and Regulation
HIPAA
Alternatives to UPI
Universal Unique Patient Information Identifier
Summary & Conclusion
35. 200 Breaches Impacting Almost 5.9 Million
Individuals, with Theft and Loss of Laptops and
PEDs Major Cause (December 2, 2010.M)
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Summary and Conclusion
36. 35% of Fortune 500 companies admit to
using medical records for hiring and
promotions
65 Fed. Reg. 82,467 (Before HIPAA)
Summary and Conclusion
37. Privacy regulations where they need to be
Reform and reimbursement
Health care information technology
Consumer focused health care
Summary and Conclusion
A name is the first and final marker of individual rights, one fixed part of the ever-changing human world. A name is
the most basic characteristic of our human rights: no matter how poor or rich, all living people have a name, and it is
endowed with good wishes, the expectant blessings of kindness and virtue. Ai Weiwei
Universal Unique Patient Information Identifiers allow the patient/consumer control
allowing them to indicate that certain aspects of their medical records are "private", so
that patients can allow or deny access to providers consistent with the organizational
policies of HIEs.
Universal Unique Patient Information Identifiers is cost effective and can virtually
eliminate the 8-14% incidence of patient identification errors that is the current industry
experience when patient identification is performed using demographic matching
techniques.
Universal Unique Patient Information Identifiers do not contain any patient information
(identification, demographic or clinical) but can point to EMPIs which manage patient
identity processing and links to clinical systems.
Universal Unique Patient Information Identifiers can take government out of the equation
working with voluntary programs, avoiding the creation of a monolithic system and data base
of personal information and thus avoiding the costs and privacy risks associated with such a
system.
38. The Old World
Provider-focused
Illness centric
Site-of-care centric
Episode Management
Supply Management
Solitary decision making
Inefficiency
De-centralized, generalized care
The New World
Patient & family-focused
Medical home and wellness care
Continuum of care & case management
Disease and demand management
Collaborative, evidence-based decisions
Meaningful-Use objectives, metrics & criteria
Patient safety, quality and effectiveness
Centralized, specialized care
38
Summary and Conclusion
Editor's Notes
The Health Information Technology for Economic and Clinical Health Act, abbreviated HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (Pub.L. 111–5). Under the HITECH Act, the United States Department of Health and Human Services is spending $25.9 billion to promote and expand the adoption of health information technology.The National Coordinator for Health Information Technology, Dr. FarzadMostashari, has explained: "You need information to be able to do population health management. You can serve an individual quite well; you can deliver excellent customer service if you wait for someone to walk through the door and then you go and pull their chart. What you can't do with paper charts is ask the question, 'Who didn't walk in the door?'"
NotificationInforming patients in simple language regarding the manner in which their data is handledConsent one time, general agreement to use the patient’s information in treatment. For payment, or for “healthcare operations”Lasts indefinitely, necessary for treatmentSharing information between primary care physician and consulting specialistRegulations allows provision of care to be conditioned on patient’s consent to use information for payment purposes.Authorization limited in time and scopeNon-routine purposeExample : Patient is actively participating in a research protocol and personal health information will be shared with a clinical service or university
While not listed as one of the core elements of an MPI, the American Health Information Management Association recommends the use of a Unique Patient Identifier to be included in the core data elements of the MPI. The Core Health Data Elements, published by the National Committee on Vital Health Statistics (NCVHS), also includes the use of a Unique Patient Identifier. In addition, the 1996 Health Insurance Portability and Accountability Act mandated UPI systems but security concerns have stalled those efforts. Consequently, the UPI is not yet established.An NCVHS report broke the term “Unique Patient Identifier” down into individual components and then summarized the results in a definition. The report states, “the identity of an individual consists of a set of personal characters by which that individual can be recognized. Identification is the proof of one's identity. Identifier verifies the sameness of one's identity. Patient Identifier is the value assigned to an individual to facilitate positive identification of that individual for healthcare purposes. Unique Patient Identifier is the value permanently assigned to an individual for identification purposes and is unique across the entire national healthcare system. Unique Patient Identifier is not shared with any other individual.”The NCVHS document lists potential benefits of a UPI. They include the potential to assure prompt access to healthcare information, timely delivery of care, linkage of lifelong health records of individuals, and aggregation of health information for analysis and research.
The third component that is an integral part of the Unique Patient Identifier is the Index.The index links the Unique Patient Identifier and the identification information of the patient. It serves as the directory of Unique Patient Identifiers. It must be capable of supporting identification functions within an organization, an enterprise and across the entire national healthcare system. Organizational Master Patient Index (Organizational MPI) - Individual providers and organizations that treat patients maintain an index of their patients, called Master Patient Index (MPI). It contains the patient identifiers and the patient's identifying personal and demographic information. The MPI maintained by organizations are unique only within the organization. It serves as a directory of patients for ready reference, verification and identification of the patient and patient information. Enterprise-wide MPI (EMPI) - Managed Care and Integrated Delivery Network are the results of healthcare reform and related initiatives. Such initiatives bring organizations together and require interoperability among them. An enterprise may contain multiple cooperating provider organizations. The enterprise-wide MPI (or EMPI) provides cross reference to the multiple provider specific MPIs so that a patient's information can be accessed across the enterprise based on the patient's identifier.Registry MPI (RMPI)/Software Mediation - Registry MPI is a new concept. It is also called the directory of MPIs. RMPI maintains pointers to those MPIs that are external to the enterprise MPI. RMPIs form a framework for facilitating the searching and matching of patients among different providers and multiple enterprises across the nation. Computer software to support the RMPI mediation functions is being planned by an organization such as HL7 and CORBAMed.Information from previous episodes of care and different sites of care - Organizational MPIs usually contain information relating to a patient's previous visits. Also, information on previous episodes of care from another organization, but within the same enterprise, can be obtained with the use of the EMPI. However, to access records or information from previous episodes of care from an unrelated organization, the respective site information is essential. Sites external to the enterprise will not be available from the EMPI. Although an RMPI can facilitate searching for a match among cooperating MPIs, sites unknown to an RMPI cannot be accessed for the search.