Yes, we should have a national patient identifier, but it won't be a panacea and it won't be easy.
There are questions to answer around who should get a national patient ID (e.g., a tourist from another country who is needs medical care during their visit? Someone apprehended at a border crossing who is in immigration detention and deportation proceedings?), how the issuer would ensure accurate assignment and allow for patients to request corrections, how to keep the ID secure, and much more. I see a national patient identifier as more-so benefiting interoperability and only minimally impacting point-of-care patient safety, since clinicians already have plenty of other unique data points available to them when they render care.
You can argue we have a national patient ID with the SSN, but SSNs have an inherent limitation in that they are unchangeable, so once it is leaked, you're at risk forever. A future national patient identifier should be fungible, much like a credit card number, so that the issuer can invalidate your current number when it is compromised and issue a replacement. That, of course, leads to even more questions like how every possible system with that patient's old ID would know about the swap.
It's a big challenge, to put it mildly. Thankfully we have some experience with something like this, when CMS rolled out the Medicare Beneficiary Identifier about a decade ago.
kulaga - 5 months ago
How about just using the National Identifier we already have, the Social Security Number. Update a few laws and instant UPI. As a bonus, most hospitals already have it on file. Mine has been leaked so many times I have zero expectation of privacy left.
Frank Poggio - 6 months ago
A part of the 'fix' to the US health care system is the UPI. It is interesting to note that the primary reason the US health care system is a mess is because it was created via massive political compromise from 1940-1970. Remember the AMA fought Medicare tooth and nail and were successful in getting Medicare to separate parts A & B. and today we have parts C and D. Can't wait to see how efficient it will be when we get to Part Z!
The UPI was originally included in the 1996 HIPAA regs, but got cut out by politicians of a certain persuasion.
Jeremy Coleman - 6 months ago
If a national patient identifier would do what they say, then you wouldn't have a problem with mismatched patients inside singular hospital systems that run their own Master Patient Index, a mini-national patient id. What tells us that another standard and another repository of data would all of sudden shine light so bright that it would be impossible for any admissions personnel to make a mistake? In fact, that national patient index would be another weakness to overcome because it would be polluted by other facilities and other bad practices that individual hospital systems have zero control over.
Catherine - 6 months ago
Absolutely not - We don't need new identifiers. What we need is a system to accept and exchange trusted digital identification in the form of verifiable credentials. https://www.linkedin.com/pulse/governance-regime-all-data-stephen-wilson-2k2oe/?trackingId=OU0HzhIs7Jxqic%2FI8pNLYA%3D%3D
"We should “seal” existing IDs into digital wallets and then present them digitally, from device-to-server, instead of manually typing ID details into form"
Cosmos - 6 months ago
National patient identifiers are obviously a good idea if they would be used in good faith. It makes sense at least 90% of the time, but there are privacy concerns with sensitive subjects that need guardrails. For example: Substance use disorder treatment, law enforcement access, reproductive rights, PDMPs, and so on. I don't know about you, but I do NOT want to make it easy for any bad actors to come up with a nation-wide list of patients with late-term abortions, gun ownership, or genetic defects based on health records. That's the nightmare big brother scenario. If we can design a robust system with rules that penalize bad actors who misuse NPIs, then let's do it. Otherwise, it should be an opt-in system so patients have some control over their privacy.
Nick van Terheyden - 6 months ago
Of course - it won't completely solve the problem of mismatched records but the idea that privacy is something you have preserved by not having a national identifier is preposterous given the rampant use of Social Security numbers as the proxy for 'identifying' you.
It creates another surface for attack and requires protection but there have been some innovative approaches to that to preserve privacy with 2-part systems much like he public and private key notion in cryptology. Smarter people than I can work out a methodology but while the regulatory bodies preclude any work or research on this concept little to no progress will be made even with private money that will be disincentivized by the potential for any return on their investment
Smart - 6 months ago
How about fix the horrible US healthcare system first. Then we can talk about this nonsense.
Yes, we should have a national patient identifier, but it won't be a panacea and it won't be easy.
There are questions to answer around who should get a national patient ID (e.g., a tourist from another country who is needs medical care during their visit? Someone apprehended at a border crossing who is in immigration detention and deportation proceedings?), how the issuer would ensure accurate assignment and allow for patients to request corrections, how to keep the ID secure, and much more. I see a national patient identifier as more-so benefiting interoperability and only minimally impacting point-of-care patient safety, since clinicians already have plenty of other unique data points available to them when they render care.
You can argue we have a national patient ID with the SSN, but SSNs have an inherent limitation in that they are unchangeable, so once it is leaked, you're at risk forever. A future national patient identifier should be fungible, much like a credit card number, so that the issuer can invalidate your current number when it is compromised and issue a replacement. That, of course, leads to even more questions like how every possible system with that patient's old ID would know about the swap.
It's a big challenge, to put it mildly. Thankfully we have some experience with something like this, when CMS rolled out the Medicare Beneficiary Identifier about a decade ago.
How about just using the National Identifier we already have, the Social Security Number. Update a few laws and instant UPI. As a bonus, most hospitals already have it on file. Mine has been leaked so many times I have zero expectation of privacy left.
A part of the 'fix' to the US health care system is the UPI. It is interesting to note that the primary reason the US health care system is a mess is because it was created via massive political compromise from 1940-1970. Remember the AMA fought Medicare tooth and nail and were successful in getting Medicare to separate parts A & B. and today we have parts C and D. Can't wait to see how efficient it will be when we get to Part Z!
The UPI was originally included in the 1996 HIPAA regs, but got cut out by politicians of a certain persuasion.
If a national patient identifier would do what they say, then you wouldn't have a problem with mismatched patients inside singular hospital systems that run their own Master Patient Index, a mini-national patient id. What tells us that another standard and another repository of data would all of sudden shine light so bright that it would be impossible for any admissions personnel to make a mistake? In fact, that national patient index would be another weakness to overcome because it would be polluted by other facilities and other bad practices that individual hospital systems have zero control over.
Absolutely not - We don't need new identifiers. What we need is a system to accept and exchange trusted digital identification in the form of verifiable credentials. https://www.linkedin.com/pulse/governance-regime-all-data-stephen-wilson-2k2oe/?trackingId=OU0HzhIs7Jxqic%2FI8pNLYA%3D%3D
"We should “seal” existing IDs into digital wallets and then present them digitally, from device-to-server, instead of manually typing ID details into form"
National patient identifiers are obviously a good idea if they would be used in good faith. It makes sense at least 90% of the time, but there are privacy concerns with sensitive subjects that need guardrails. For example: Substance use disorder treatment, law enforcement access, reproductive rights, PDMPs, and so on. I don't know about you, but I do NOT want to make it easy for any bad actors to come up with a nation-wide list of patients with late-term abortions, gun ownership, or genetic defects based on health records. That's the nightmare big brother scenario. If we can design a robust system with rules that penalize bad actors who misuse NPIs, then let's do it. Otherwise, it should be an opt-in system so patients have some control over their privacy.
Of course - it won't completely solve the problem of mismatched records but the idea that privacy is something you have preserved by not having a national identifier is preposterous given the rampant use of Social Security numbers as the proxy for 'identifying' you.
It creates another surface for attack and requires protection but there have been some innovative approaches to that to preserve privacy with 2-part systems much like he public and private key notion in cryptology. Smarter people than I can work out a methodology but while the regulatory bodies preclude any work or research on this concept little to no progress will be made even with private money that will be disincentivized by the potential for any return on their investment
How about fix the horrible US healthcare system first. Then we can talk about this nonsense.