The case for a National Health Identifier
COVID-19 underscores the benefits of a proper patient identification system
Happy new year! First off, I want to thank you all for your support in reading In Silico. The year ahead is going to be an exciting one, as digital health continues to mature as a field and become increasingly indispensable. I’m looking forward to sharing my thoughts.
If you ever have any feedback or suggestions, you can reply directly to the emails — I’d love to hear your thoughts. And with that, let’s dive in.
In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was signed into law and included a provision which called on the Department of Health and Human Services (HHS) to create a national health identification system. Two years after its passage, former Congressman Ron Paul introduced a funding ban which blocked HHS from developing such a system, out of privacy concerns. The ban has held up to this day, leaving patients without health identifiers 25 years later.
National health identifiers (NHIDs) are important because of their potential to improve quality of care and reduce healthcare costs. Proper medical decision making requires providers to have a comprehensive picture of each patient’s longitudinal medical history. While the new HHS rules around EHR interoperability we discussed last month are a necessary step in the right direction, they are not sufficient. NHIDs are another important piece.
Inaccurate patient identification can cause serious harm
In the absence of an NHID system, providers currently decide on their own patient identification systems, by creating unique identifiers for patients or leveraging existing ones (e.g., names, addresses, Social Security numbers). This decentralized approach can lead to errors, and can become a particularly big issue when health data is shared between providers. Without standardized patient identifiers, a process known as patient matching is required to ensure that all health data for a given patient is linked to a single record and that duplicate records are removed.
Although error rates vary widely among providers, they generally leave much to be desired. A 2018 poll of health technology managers found that on average, 18% of a given organization’s patient records are duplicates, and when data is exchanged between organizations, match rates are an abysmal 24%. In fact, an entire industry (known as EMPI vendors) exists to find and resolve these mistakes — yet another example of a healthcare workaround. It’s important to note that inaccurate patient identification isn’t simply inconvenient — it can lead to ill-informed medical decisions that can cause serious harm. The financial burden of these errors — unnecessary procedures, duplicate tests — also adds up, costing the US healthcare system over $6 billion per year.
Privacy concerns are legitimate but not prohibitive
Last year, after the House overturned the ban on the development of an NHID, the Senate failed to do the same, due to pushback from Senator Rand Paul (following in the footsteps of his father). Senator Paul, who is a physician, said it would be “unacceptable for government to centralize some of Americans’ most personal information” through an NHID. Though his focus on privacy is warranted — fraudulent usage of an NHID could result in loss of confidentiality, privacy abuses, or even patient harm — his fear of ‘data centralization’ demonstrates a misunderstanding of the details of NHID implementation.
At its core, an NHID system is about adding a new identifier to all patient records; specifically, one that is unique across patients and enables records from individual patients to be linked. It does not necessitate the centralization of health data, which is a separate issue that should be independently considered. In its strictest implementation, an NHID system would not affect the storage and usage of health data at all, and most information would remain in disparate provider (and consumer) EHRs.
Privacy concerns with such a system should focus on the risks of NHID fraud at various points of care (rather than a centralized location). In this light, it is difficult to see how an NHID system would be worse than the system we have today. Without a unique identifier for medical purposes, providers have increasingly resorted to capturing Social Security numbers instead, leading to even greater security risks. The irony is striking — out of privacy concerns with an NHID system, we are tying health records to SSNs instead, giving potential access not just to our medical information but our financial data all together.
Proper implementation of an NHID system would also present an opportunity to leverage technological advancements to improve security. One approach which has started to gain traction is the use of biometrics. A UN report on the implementation of national health identifiers suggested that NHID cards could contain biometric information to provide additional identity verification. Due to the need for scalability, the report determined that fingerprint scanners were the most promising biometric modality.
Within the context of an NHID system and robust EHR interoperability, the question of health data centralization should be separately considered and evaluated. One middle-of-the-road approach is Australia’s My Health Record, which provides a place for providers to access a summary of high-value medical information for any patient. My Health Record is a hybrid between a consumer and provider EHR (both can add and review data) but it does not replace existing health records (preventing full centralization). Another is Slovenia’s Central Patient Data Register, which centralizes data and gives providers access to all health records for a given patient, but only after verifying both the provider and patient’s identities. As with anything in healthcare, the devil’s in the details, but the privacy concerns which have held up an NHID system to date do not justify blocking its implementation in any form.
COVID-19 underscores the benefits of an NHID system
The COVID-19 pandemic has compressed a decade of innovation within healthcare into a single year and highlighted numerous potential areas for improvement. It also provides a valuable case study on the benefits of an NHID system.
Given the amount of data available to policymakers, researchers, and patients today, COVID-19 has been called humanity’s first data-driven pandemic. But one area that’s lagged behind is the reporting of racial and ethnic data with COVID-19 cases. As late as September, more than 37% of publicly available data from state and local health departments were still missing data on race, and several states were not reporting ethnicity data at all. Without this information, it has taken public health officials longer to recognize and respond to the dramatic racial and ethnic disparities with the pandemic. A proper patient identification system would have surfaced these inequities much more easily, with NHIDs providing the link between positive COVID-19 test results and basic demographic information.
A second area which would have been aided by an NHID system is vaccine distribution. The CDC’s latest recommendations on vaccine allocation prioritize persons aged 16-64 with high-risk medical conditions over those who are not at-risk, but it is unclear how this will be implemented in practice. Given the fragmentation of care delivery and the push for widespread vaccination locations, a substantial proportion of Americans may not receive the vaccine through their usual primary care provider. The challenge which follows is that these makeshift vaccination locations won’t have access to longitudinal health records, and may struggle to distinguish high-risk individuals from everyone else. An NHID system combined with robust EHR interoperability would have resolved this and allowed for more precision and efficiency with vaccine distribution.
The passage of the Health Insurance Portability and Accountability Act 25 years ago revolutionized the legal protections and accountability around health information, but failed to trigger the development of a national patient identification system. The COVID-19 pandemic has highlighted that such a system is long overdue, and it is time for legislators to act. By overturning the ban on funding an NHID, Congress will be taking a necessary step to making health data truly portable, while fulfilling the original intent of HIPAA as it was written.