Log in Register

Time to consider a national patient identifier

  • Tuesday, 01 September 2020 10:50
  • Written by 

Patient matching—the ability to match a person to their correct medical record—is a perennial issue in health IT. The lack of a consistent, stable patient identifier interferes with patient matching. This drives up administrative costs, creates a barrier to research and interferes with the interoperability of health data. Most concerning, it creates patient safety issues and interferes with the ability of providers to deliver high-quality, informed health care.  Passport400

One of the most hotly debated potential solutions is a national patient identifier, where the federal government would assign a unique medical ID number to every U.S. resident. Medical records would be linked to this ID, making it easier to find the right patient’s records every time.

Proponents of the idea explain that this would lead to better care, increased patient safety, and lower costs across the health care system. Opponents often argue that the creation of a national patient ID would compromise the privacy of patients, and complain about the potential cost.

In 1998, the House of Representatives banned the federal government from spending any money to work on the creation of a national patient ID. This ban did not end the conversation (or advocacy) surrounding the issue, and in 2019 the House of Representatives voted to end the ban. The Senate, however, let the ban stand, opting instead to direct the Office of the National Coordinator for
Health IT to work with private sector initiatives to investigate the issue.

Now, with the pandemic shining a light on the weaknesses in U.S. health IT, it’s worth discussing how
a modern, privacy-protecting national patient ID could be designed.

With most ID systems, one of the fundamental questions is whether the ID will function solely as an identifier or also an authenticator. Social security numbers are an example where an ID also functions as an authenticator—it’s treated as a secret, so just knowing it “proves” something about your identity.
On the other hand, a driver’s license number or student ID number is not usually treated as a secret;
possessing these IDs won’t grant you any specific privileges without additional verification.

Put another way, an identifier is like a username, while an authenticator is like a password.

Most of the trouble arises when we try and use one ID for both purposes. Think about any digital logins you have—the username is always separate from the password. They serve different purposes and should remain separate.

Now, if we limit a national patient identifier to serving solely as an identifier with no associated authenticator, the usefulness of the system will be limited—you would always have to prove your identity through another method. On the other hand, advocating for tasking the Department of Health and Human Services with managing what amounts to both the username and password of medical records in the United States leads to exactly the kind of privacy-focused opposition which has held up this project for decades.

Thankfully, there’s another way: public-key cryptography.

If you’ve ever accessed a secure website over HTTPS, used a mobile banking app, or messaged on a secure messaging app like iMessage, Signal, or WhatsApp, then you’ve used public-key cryptography.

In these systems, each user has a public key and a private key. The public key serves the same purpose as a username—uniquely identifying each individual. The private key serves a similar purpose as a password but in an entirely different way—it is never disclosed to anyone. Instead, the private key is used to generate secure digital signatures which can be verified using the public key. This is possible because the underlying keys are mathematically related.

This approach protects the security and privacy of users. That’s why it’s already used in so many digital systems today. It would also create new opportunities for digital innovation in health IT by enabling patient matching and identity verification to take place electronically. This could enable secure, patient-controlled health data sharing, transferrable e-prescriptions, and support faster (possibly even automatic) prior authorization.

Efforts to create a national patient identifier will continue—and they should. The benefits are clear and compelling. Every industrialized nation except the United States has already created one. As these efforts move forward, we should also consider how to design such a system so that we not only catch up with other nations but enable future innovations in health IT. Our ability to create a health care system worthy of the 21st century depends on it.

The post Time to consider a national patient identifier appeared first on 3M Inside Angle.

 

  • 757
  • Last modified on Tuesday, 01 September 2020 11:23
Rey Johnson

Rey Johnson works as an HDD Analyst for 3M Health Information Systems where he develops software solutions to meet interoperability needs for health data. He led the technical work on patient consent management which forms a critical portion of 3M’s recent patent application “Shared Revocation Ledger for Data Access Control.” He joined 3M in 2018 at the conclusion of a software engineering internship where he built a modern ETL pipeline to load medical terminologies into the Healthcare Data Dictionary, a FHIR-compatible terminology server.

Rey is pursuing a Master of Biomedical Informatics at the University of Utah, where he is studying machine learning, FHIR-based interoperability, and visualization techniques for healthcare data. As an undergraduate student, he studied cryptography and blockchain technology and he holds a Bachelor of Science in Finance. Since learning to code at eight years old, Rey has maintained a lifelong interest in applying technology to improve life. His current focus on
                                                                            interoperability in health data reflects his commitment to building an accessible, patient-centered healthcare system.