The Problems with Patient IdentifiersA new 60-page white paper offers insights on how to ensure the integrity of patient identifiers used in electronic health records despite the lack of a national standard for such identifiers.
Hospitals, physicians' offices, insurers, software companies and others use a wide variety of patient identifiers tied to clinical information, including core patient records, test results, claims and more. And if the wrong patient record is associated with an individual, the results can be disastrous, the "Patient Identity Integrity" report from the Healthcare Information and Management Systems Society points out.
"Linking the wrong clinical information to a person can not only cause great personal harm to the patient, but can also incur huge costs to the healthcare provider in correcting and mitigating the error," the report states
Risk of fraud
Poor management of patient identifiers also can lead to fraud, the report notes, including "manipulation of the system for illegal purposes such as drug seekers, drug diversion or medical identity theft."
As a result, patient identity integrity is a key component in any effort to comply with the pending federal Identity Theft Red Flag rules, the report notes. Under the rules, the effective date for which has been delayed to June 1, any organization that extends credit to its clients must develop written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as "red flags," that could indicate identity theft.
Many larger organizations use master patient index technology to map various identifiers and ensure the right records are linked to the right patient. But the report stresses that MPIs need to be monitored and properly maintained and updated.
No national standard
The Health Insurance Portability and Accountability Act of 1996 mandated the development of a standard national patient identifier. But Congress, citing privacy concerns, prohibited the U.S. Department of Health and Human Services from issuing a final rule or standard for a patient ID. That's largely because the obvious choice for a standard ID was the Social Security Number, but privacy advocates cautioned that using the number could trigger widespread invasions of privacy.
As a result of research conducted for the white paper, Chicago-based HIMSS has called for Congress to lift its prohibition against HHS conducting research on standard patient identifiers, says Lisa Gallagher, HIMSS' senior director for privacy and security. HIMSS also advocated a pilot test of identifier options.
"The research on what is available to use as a unique patient identifier needs to be re-established because the available technology has advance forward far enough," Gallagher adds.
Steps to take
But until a national standard patient identifier is selected, healthcare organizations must take steps, such as regularly maintaining master patient indexes, to ensure the integrity of existing identifiers, the new report stresses. This is especially important, according to the report, because hospitals and others are beginning to share patient information over health information networks that serve a city or a region.
"A local system with a poorly maintained or "dirty" master patient index will only proliferate and contaminate other systems to which it links," the report states.
Without identity integrity, the report notes, "information pertaining to one individual may exist in one or multiple databases where it resides as a "duplicate," inaccessible or unknown to those needing to see the complete or most current picture."
The report urges healthcare organizations to "identify the workflow, policies and procedures to ensure personal identifier integrity." This should include identifying "who has the responsibility and authority to correct patient identity information."
Too many organizations fail to properly fund or staff efforts to ensure personal identifier integrity, the report concludes.
To view the full report, visit www.himss.org/ASP/topics_privacy.asp.