Patient matching—the ability to match a person to their correct medical record—is a perennial issue in health IT. The lack of a consistent, stable patient identifier interferes with patient matching. This drives up administrative costs, creates a barrier to research and interferes with the interoperability of health data. Most concerning, it creates patient safety issues and interferes with the ability of providers to deliver high-quality, informed health care.
One of the most hotly debated potential solutions is a national patient identifier, where the federal government would assign a unique medical ID number to every U.S. resident. Medical records would be linked to this ID, making it easier to find the right patient’s records every time.
Proponents of the idea explain that this would lead to better care, increased patient safety, and lower costs across the health care system. Opponents often argue that the creation of a national patient ID would compromise the privacy of patients, and complain about the potential cost.
In 1998, the House of Representatives banned the federal government from spending any money to work on the creation of a national patient ID. This ban did not end the conversation (or advocacy) surrounding the issue, and in 2019 the House of Representatives voted to end the ban. The Senate, however, let the ban stand, opting instead to direct the Office of the National Coordinator for Health IT to work with private sector initiatives to investigate the issue.
Now, with the pandemic shining a light on the weaknesses in U.S. health IT, it’s worth discussing how a modern, privacy-protecting national patient ID could be designed.
With most ID systems, one of the fundamental questions is whether the ID will function solely as an identifier or also an authenticator. Social security numbers are an example where an ID also functions as an authenticator—it’s treated as a secret, so just knowing it “proves” something about your identity.
On the other hand, a driver’s license number or student ID number is not usually treated as a secret; possessing these IDs won’t grant you any specific privileges without additional verification.
Put another way, an identifier is like a username, while an authenticator is like a password.
Most of the trouble arises when we try to use one ID for both purposes. Think about any digital logins you have—the username is always separate from the password. They serve different purposes and should remain separate.
Now, if we limit a national patient identifier to serving solely as an identifier with no associated authenticator, the usefulness of the system will be limited—you would always have to prove your identity through another method. On the other hand, advocating for tasking the Department of Health and Human Services with managing what amounts to both the username and password of medical records in the United States leads to exactly the kind of privacy-focused opposition which has held up this project for decades.
Thankfully, there’s another way: public-key cryptography.
If you’ve ever accessed a secure website over HTTPS, used a mobile banking app, or messaged on a secure messaging app like iMessage, Signal, or WhatsApp, then you’ve used public-key cryptography.
In these systems, each user has a public key and a private key. The public key serves the same purpose as a username—uniquely identifying each individual. The private key serves a similar purpose as a password but in an entirely different way—it is never disclosed to anyone. Instead, the private key is used to generate secure digital signatures which can be verified using the public key. This is possible because the underlying keys are mathematically related.
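A minimal sketch of that separation, added here as an illustration and not drawn from any existing or proposed patient-ID system: a fingerprint of the public key acts as the identifier, and a signature over a fresh challenge acts as the authenticator. The choice of Ed25519, the SHA-256 fingerprint format and all function names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair runs on the patient's device; the private key never leaves it.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// PatientID is the public "username"; the hex SHA-256 fingerprint form is assumed.
func PatientID(pub ed25519.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(pub))
}

// NewChallenge is a fresh random nonce per request, so old signatures cannot be replayed.
func NewChallenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// Respond runs on the patient's device and signs the provider's challenge.
func Respond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// Verify runs at the provider: key must match the claimed ID, signature must fit this challenge.
func Verify(id string, pub ed25519.PublicKey, challenge, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || PatientID(pub) != id {
		return false
	}
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	pub, priv := NewKeyPair()
	c := NewChallenge()
	fmt.Println(PatientID(pub), Verify(PatientID(pub), pub, c, Respond(priv, c)))
}
```

Knowing the ID alone proves nothing in this scheme, because only the holder of the private key can answer a new challenge. A real deployment would also bind the signed message to a protocol and provider context rather than signing a bare nonce.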
This approach protects the security and privacy of users. That’s why it’s already used in so many digital systems today. It would also create new opportunities for digital innovation in health IT by enabling patient matching and identity verification to take place electronically. This could enable secure, patient-controlled health data sharing, transferable e-prescriptions, and support faster (possibly even automatic) prior authorization.
Efforts to create a national patient identifier will continue—and they should. The benefits are clear and compelling. Every industrialized nation except the United States has already created one. As these efforts move forward, we should also consider how to design such a system so that we not only catch up with other nations but enable future innovations in health IT. Our ability to create a health care system worthy of the 21st century depends on it.