Health Standards

Healthcare & Technology Resources

Why Ireland has a National Patient Identifier (and we don’t)

By 13 Comments

“How many more times do we need to see new remote monitoring studies that plug vendor gizmos into place while ignoring patient workflow- (8)

On the one-hand, I’m excited by the CHIME-sponsored National Patient ID Challenge. According to the latest release there are “nearly 370 innovators from 40 countries” that have registered for the Final Innovation Round. The challenge itself is crystal clear: “Ensure 100% accuracy of every patient’s health info to reduce preventable medical errors and eliminate unnecessary hospital costs/resources.”

The reward is a cool $1 million and the winner will be announced sometime next year. I’m definitely interested to see the winning entry.

On the other hand, I’m not at all hopeful that the U.S. will benefit from this effort because of the legal blockade imposed by Congress on even studying this issue. In that sense, federal support of a national identifier for anything – even something as critical as healthcare – seems to be further away today than ever before and Congress has a near bulletproof argument against a national patient identifier (NPI) wrapped neatly inside a single word – privacy.

Industry versions of an NPI just won’t get to scale because of competing commercial interests. No real surprise here because car manufacturers were stuck with proprietary Vehicle Identification Numbers (VIN’s) until the National Highway Traffic SAFETY Administration came along and mandated one in 1981.

But NPI’s exist in other parts of the world just fine. The most recent example is Ireland – which announced their NPI as “live” earlier this month. Key milestones on their path included:

  • December, 2013: eHealth Strategy for Ireland
  • July, 2014 – Health Identifiers Act
  • August, 2016 – Individual Health Identifier (IHI) in production

Wow – roughly 32 months from start to implementation. Of course Ireland is small compared to the United States. The population of Ireland (about 4.6 million) is roughly equivalent to the population of Louisiana, but it’s still a major undertaking for technical, legal and societal reasons.

This is probably the single largest patient safety initiative that the Irish healthcare system has deployed to date. I think clinicians are way more bought into this than in the NHS [with the NHS number] 15 years ago. It’s been pushed as a patient safety initiative. This is very much about patient safety and using information to stop mixing people up. —Richard Corbridge, CIO of Health Service Executive

Key takeaway – it’s a SAFETY issue. We know that from other statistics (here, here, and here) that we’ve seen through the years from key healthcare organizations like CHIME, HIMSS, and AHIMA.

  • 8-12% of hospitals’ medical records are duplicates
  • On average: 64,000 – 96,000 medical records in an EMR (system) refer to a patient with another existing medical record
  • The average cost associated with repeated medical care – $1,009
  • Kaiser Permanente of Southern California has over 10,000 records of people named Maria Gonzales
  • HIMSS: 8-14% of medical records include erroneous information tied to an incorrect patient identity

Ireland’s accomplishment also tracks to broader objectives. An NPI is both critical and foundational to objectives around patient engagement, population health and safety – including how this will ultimately play into any national electronic health record system. I could reference the critical importance of an NPI for “interoperability” here in the U.S. – but I’ll just bite my tongue.

The Health Identifiers Act (HIA) – which Ireland passed in July, 2014 – also had an interesting intersect with U.S. legislation. The HIA had this language:

PART 2

INDIVIDUAL HEALTH IDENTIFIERS

5. Assignment of individual health identifier

6. Establishment and maintenance of National Register of Individual Health Identifiers

PART 3

HEALTH SERVICES PROVIDER IDENTIFIERS

13. Assignment of health services provider identifier

14. Establishment and maintenance of National Register of Health Services Provider Identifiers

If that sounds remotely familiar – here’s the U.S. version – as incorporated into HIPAA (passed in 1996):

UNIQUE HEALTH IDENTIFIERS.— “(1) IN GENERAL,—The Secretary shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system.”

The needs are identical – whether you’re a country the size of 320 million – or one the size of Ireland.

Of course, here in the U.S., theoretical concerns around privacy caused such enormous heartburn that Congress simply defunded the original intent (which is similar to the way they defunded the “risk corridors” last year) – but I digress. The point here is that unfounded and unrealistic concerns around privacy derailed our effort to implement a national standard recognized as critical (and part of healthcare legislation) more than 20 years ago. Was it truly for privacy issues – or was it intentional for other reasons? We’ll get there.

I say the reasons around privacy were unfounded and unrealistic because what we have today in the way of algorithmic patient matching isn’t just less safe – it’s also less secure. The safety issue is well documented – and that’s the primary basis for the CHIME Challenge.

In an environmental scan in 2014, the Office of the National Coordinator for Health Information Technology found that the best error rate is around 7%.  Worse still, the error rate is usually closer to 10 to 20 percent within a healthcare entity and it rises to 50 to 60 percent when entities exchange with each other.

Wow. That’s painful – how could it possibly get worse? It’s worse because that’s just the safety component. The security component actually compounds the safety risk because any identification number used for patient matching – say a proprietary master patient identifier or Social Security number – is, by definition, less secure because it has less legal protection.

Security and privacy could actually be strengthened with a unique patient identifier. A unique patient identifier, once developed, would immediately become protected health information (PHI) under federal and (applicable) state law. RANDIdentity Crisis? (2008)

The American Health Information Management Association (AHIMA) was the latest U.S. healthcare organization to join our long running battle for an NPI. Unfortunately, the AHIMA petition (launched in March) needed 100,000 signatures and secured less than 9,000. This wasn’t for an actual NPI, mind you, this was simply to remove the federal budget ban to think about a patient safety identifier.

But here’s the thing. I know why we won’t make progress here – today, tomorrow, or even this decade. It’s intentional – (and in my opinion – criminal). How do I know this? Because there’s another big regulatory challenge with a very similar profile just one aisle over – and it often gushes blood into our emergency rooms. It’s the gun aisle. How is it remotely similar? Here’s the opening story in a recent article – and the money quote:

Say there’s a murder. Blood everywhere, a dead guy on the floor. The cops come in with their yellow tape, chalk line, the little booties, cameras, swabs, the fingerprint dust. One of them finds a gun on the floor. The gun! He lifts it with his pinkie, examines it, takes note of the serial number. Back at the station, they run a trace on the gun. A name pops up. It’s the wife! Or: It’s the business partner! It’s somebody’s gun, and this is so exciting because now they know who did it.

Except—no. You are watching too much TV. It doesn’t work like that.

“Think,” says Charlie Houser, a federal agent with the ATF.

The cops run a trace on a gun? What does that even mean? A name pops up? From where? There’s some master list somewhere? Like, for all the guns all over the world, there’s a master list that started with the No. 1 (when? World War I? Civil War? Russian Revolution? when?), and in the year 2016 we are now up to No. 14 gazillion whatever, and every single one of those serial numbers has a gun owner’s name attached to it on some giant list somewhere (where?), which, thank God, a big computer is keeping track of?

“People don’t think,” Charlie tells me. “I get e-mails even from police saying, ‘Can you type in the serial number and tell me who the gun is registered to?’ Every week. They think it’s like a VIN number on a car. Even police. Police from everywhere. ‘Hey, can you guys hurry up and type that number in?’ ”

“It’s a shoestring budget. It’s a bunch of friggin’ boxes. All half-ass records.”

So here’s a news flash, from Charlie: “We ain’t got a registration system. Ain’t nobody registering no damn guns.”

Here’s the quote from that same article:

There is no national database of guns. We have no centralized record of who owns all the firearms we so vigorously debate, no hard data regarding how many people own them, how many of them are bought or sold, or how many even exist.

Sound familiar – right? It’s a great article with a great headline: Inside the Federal Bureau of Way Too Many Guns

And that’s why Ireland has a National Patient Identifier and we don’t. We have the technical and economic prowess to trump anything Ireland – or literally any other industrialized country can do. We could implement an NPI – if we wanted to – if there was no artificially induced congressional budget ban. The rationale against one sounds legit – privacy – but it’s a smokescreen.

The reason we don’t have a national gun database and an NPI are the same. I wouldn’t go as far as to say that vested interests are preventing an NPI (although that’s clearly the case with the NRA and a gun database), but let’s just say it’s just not anyone’s legislative priority. There’s no money for it and Congress ain’t gonna ante up voluntarily. That’s not criminal intent – but it does qualify as criminal negligence. There are lots of legal definitions for that phrase, of course, but a good general one is “the indifference or disregard for human life or for the safety of people.”

And make no mistake, that’s exactly what a NPI delivers – better safety and security than the status quo. Maybe CHIME can nudge Congress into action. Clearly the petition path doesn’t work.

The following two tabs change content below.
My Twitter profileMy Google+ profile

Dan Munro

Dan is author of the book "Casino Healthcare: The Health of a Nation, America's Biggest Gamble," and currently a Contributor at Forbes where he has been writing for the Pharma & Healthcare channel since 2011. Dan has also authored articles for global brands like TEDMED, Re/Code, Cisco and for healthcare publications like Health Standards, The Health Care Blog – and others.
  • Naveen Rao

    Dan – thanks for an illuminating read. Some great statistics you dug up too. I wonder if the politics of single payer bleed over into the NPI issue as well.

  • Yup – but in coverage – not payment.

    Every other industrialized country has universal health coverage. How they pay for that varies between single and multi-payer. We can easily afford either – but I worry that “single payer” isn’t the best fit for us, is too politically charged, and will delay the larger objective of universal health coverage. The irony is that the only system we can’t afford is the one we have – which can only be described as selective health coverage and multi-payer. We’ve been fighting the actuarial math for decades and the math always wins.

  • Steve Sisko

    I don’t get the comparison of a “national database of guns” to a national patient identification number. Actually I don’t get why guns are even brought up in this post about patient identifiers; doesn’t make any sense to me. The id of a person follows them to their grave. The owner of a firearm can change – many times – over the ‘life’ of that inanimate object. Even if the ability to track updates to a list of gun serial numbers and their owners were possible and reasonable, there’s this little thing called the 2nd Amendment.

    To me this post is a mish-mash of the author’s political opinion and I’m surprised Health Standards hosted it.

  • Nick Orser

    Dan – interesting article. Wouldn’t an NPI just add to the problem? If it’s a new, secret, private ID number, then people will find ways to abuse and steal it (just like with SSNs). And adding a new NPI to the mix to identify patients and deduplicate their records just adds one more piece of data that can be mis-typed, forgotten, lost, switched with a relative, etc. Plus, you’d have to somehow issue an NPI to 320M people. (Do you send them in the mail, in which case many will get sent to old addresses? Or do you make each person go to the DMV so they can pick it up, and make each person bring two forms of ID to prove their identity?) And you’d have to figure out how to associate the new NPI to every existing health record which would be a huge challenge. I work for a company that is addressing this patient identification problem. We have a new way to determine whether two patients are really the same person even if their recorded names, addresses, birthdates, etc., are out-of-date, incomplete, or inconsistent across their health records. Our CEO recently published an article in Health Data Management that talks about the challenge of patient matching and patient identification, and discusses a study we performed that discovered that patient data is worse than anyone thought. I’d be interested to hear your take on it: http://www.healthdatamanagement.com/opinion/why-matching-patient-ids-is-a-critical-challenge

  • TWLAW

    Good points. What if we were to cover malpractice too, and protect Docs and other providers that acknowledge mistakes and learn from them, instead of hiding them?

  • The reference to a gun database (as I stated) is the same regulatory challenge as a national patient identifier – and we have neither for similar reasons.

    No one argues with Vehicle Identification Numbers (primarily for safety) but patient identification and gun registration for safety? Nope – won’t happen because of the various lobbying interests (NRA and various healthcare related ones).

    As you well know, Steve, HIPAA had a patient identifier baked into the original legislation – but it was (subsequently) defunded. If you read the article on a gun database (linked in the post) you’d also understand the potential value of that – also for safety – but as a gun owner, I know you’re well versed and wrapped inside 2A (forgetting, of course, that 2A was written when white men owned slaves and guns were muskets). Ah yes – the good ‘ol days.

    Relative to Health Standards posting articles expressing different views of healthcare standards – other readers (who also commented) did seem to find some interest/value – so at least for now – you stand alone in your surprise.

  • I think it’s important to realize that our current system of patient identification is antiquated (largely based on SSN) and seriously compromised (in use as a very simple 9-digit # since the 1930’s). Recognizing how serious these flaws are (including patient mismatching in hospitals etc…) becomes the basis of the argument for a new system. There is no perfect system, of course, but it would be safer than the deeply flawed one we have now. Stay tuned on how I think this might roll-out – a post that’s in development.

  • Yup – and another key variable is to make medical training debt-free. Other countries do this today – and enjoy the long term benefits associated with that approach. Doctors are free to pursue the practice they are best suited for – rather than targeting just the highest paid specialties.

  • Nick Orser

    Hi Dan, I’ll definitely stay tuned… I’ll be interested to hear how an NPI could be rolled out. I also agree that our patient identification system is antiquated. But the reason we need accurate patient identification isn’t to authenticate people at the point of care, it’s simply to solve the patient matching (and mismatching) problem that happens behind the scenes. Technologies have made huge leaps in overcoming this, but those leaps have primarily been rooted in complicated algorithms. And those algorithms struggle when a patient’s identifying data (name, address, etc.) is inconsistent across providers. But the newest technological leap—using third-party data as a reference during matching—can identify the same patient across providers even if that patient’s data is inconsistent, has changed (e.g. name change, address change), or isn’t completely filled in. These new “referential matching” approaches could let providers achieve the same matching accuracy as having an NPI, but without all the fuss of rolling one out, and without the (impossible) challenge of linking an NPI to historical health records. And patient safety wouldn’t be compromised, because there would be no “secret” identifier number that could be stolen or abused. Here’s a brief (and branded… sorry) video explaining this new approach to patient identification and patient matching, already being used at some of the largest HIEs in the country. https://www.youtube.com/watch?v=q_Wt5eotKo0

  • Patient matching isn’t the only vulnerability to our current system of abusing SSN’s. Another key challenge is fraud – estimated at $80B/yr (just on the public side – private side is a mystery). SSN’s make fraud easy – and efforts to stop them wind up looking a lot like games of “whack-a-mole.” I’m not saying an NPI totally *solves* this – but adding real intelligence to a numbering system would help to minimize fraud.

    Another BIG IT cost issue is “interoperability” – whereby health records have a better chance of being shared more easily – and not just within the healthcare IT system, but between payers and providers – and patients. Once you do get to a significant scale (not necessarily 100% – although other countries like Ireland are close) – we get to some interesting possibilities around population health. Finland is an example of where this value is starting – as one of the first countries to consolidate EMR data at the national level:

    http://www.hitcentral.eu/healthtech-wire/finland-first-country-europe-consolidate-emr-data-national-level

    So – it’s not just a single point-of-failure (patient matching), it’s the broad spectrum of opportunities that (logically) have to start with an intelligent numbering system. I’d also refer you to my 3-part series from last year here on Health Standards. Part 1 is here:

    http://healthstandards.com/blog/2015/07/07/interoperability-tech-or-bus-challenge/

  • Nick Orser

    Hi Dan, interesting points, and I like your 3-part series—especially the “high-stakes Sudoku game” reference and the VIN analogy. I’d love to take this offline and have a discussion, if you’d be willing. Let me know.

    Thanks, Nick.

  • Larry Laurenzi

    Hi Dan,
    I hear you on ALL the benefits of a national patient identifier, but as a person who has had numerous medical conditions since I was 18, and two that were serious and chronic my medical history has become a weapon against me in getting treatment. The first was an endocrine dysfunction that caused me to be practically disabled, and the medication that got me back on my feet, and that has been covered since 2003 is now not covered as of 2016 under the ACA laws even though I am on a grandfathered plan. I also have a chronic pain condition as a result of the endocrine dysfunction that requires pain management, and while I freely admit I had problems with pain medication within the first 2 years of pain management, I have been stable on pain management since 2007 with no incidents and no addiction treatment. Now that history has come up for coverage on my current pain management treatment and I am being told I have to now go to drug counseling monthly for coverage to continue. I have also been told certain in office treatments will not be covered if I attempt to change my current pain management from my current treatment. I am now 52, and I do not expect to get healthier as I age.
    So the bottom line of this long, sad, boring story is when I hear in the same sentence: the Government, Large Institutions, and all the information needed on an individual for safety and efficiency, I cannot help a kneejerk reaction of both fear and anger.
    I always remember the saying “be careful of what you wish for, because you may just get it.”
    Larry

  • Larry Laurenzi

    Hi Dan,
    The reasons of safety and efficiency can be used to steal any individual liberty. When I hear someone talk about the need for more intrusion into a person’s privacy (ie: everything we need to know about them stored in one place for any reason), it never comes with a guarantee of privacy and ownership.
    If your push for a NPI also came with a push for a new Bill of Rights Amendment that a citizen has complete control of their own healthcare, and all data would be stored and controlled by the patient only, then there would be merit.
    But I doubt that anyone in healthcare would want to give patients complete control of their own healthcare. I can hear the responses now, (mistakes, fraud, addiction) after all citizens have no clue what is best for them. The new prior authorization rules with the ACA now requires doctors to justify their prescriptions and in office procedures. All off label use is now being challenged or denied. Do you think that is solely for the benefit of the patient?
    Also, a pay to play healthcare system is springing up in Europe. I assume Europe can no longer afford to have its best and brightest citizens dying off in state sponsored health care.
    Larry