On the one-hand, I’m excited by the CHIME-sponsored National Patient ID Challenge. According to the latest release there are “nearly 370 innovators from 40 countries” that have registered for the Final Innovation Round. The challenge itself is crystal clear: “Ensure 100% accuracy of every patient’s health info to reduce preventable medical errors and eliminate unnecessary hospital costs/resources.”
The reward is a cool $1 million and the winner will be announced sometime next year. I’m definitely interested to see the winning entry.
On the other hand, I’m not at all hopeful that the U.S. will benefit from this effort because of the legal blockade imposed by Congress on even studying this issue. In that sense, federal support of a national identifier for anything – even something as critical as healthcare – seems to be further away today than ever before and Congress has a near bulletproof argument against a national patient identifier (NPI) wrapped neatly inside a single word – privacy.
Industry versions of an NPI just won’t get to scale because of competing commercial interests. No real surprise here because car manufacturers were stuck with proprietary Vehicle Identification Numbers (VIN’s) until the National Highway Traffic SAFETY Administration came along and mandated one in 1981.
But NPI’s exist in other parts of the world just fine. The most recent example is Ireland – which announced their NPI as “live” earlier this month. Key milestones on their path included:
- December, 2013: eHealth Strategy for Ireland
- July, 2014 – Health Identifiers Act
- August, 2016 – Individual Health Identifier (IHI) in production
Wow – roughly 32 months from start to implementation. Of course Ireland is small compared to the United States. The population of Ireland (about 4.6 million) is roughly equivalent to the population of Louisiana, but it’s still a major undertaking for technical, legal and societal reasons.
This is probably the single largest patient safety initiative that the Irish healthcare system has deployed to date. I think clinicians are way more bought into this than in the NHS [with the NHS number] 15 years ago. It’s been pushed as a patient safety initiative. This is very much about patient safety and using information to stop mixing people up. Richard Corbridge, CIO of Health Service Executive
- 8-12% of hospitals’ medical records are duplicates
- On average: 64,000 – 96,000 medical records in an EMR (system) refer to a patient with another existing medical record
- The average cost associated with repeated medical care – $1,009
- Kaiser Permanente of Southern California has over 10,000 records of people named Maria Gonzales
- HIMSS: 8-14% of medical records include erroneous information tied to an incorrect patient identity
Ireland’s accomplishment also tracks to broader objectives. An NPI is both critical and foundational to objectives around patient engagement, population health and safety – including how this will ultimately play into any national electronic health record system. I could reference the critical importance of an NPI for “interoperability” here in the U.S. – but I’ll just bite my tongue.
The Health Identifiers Act (HIA) – which Ireland passed in July, 2014 – also had an interesting intersect with U.S. legislation. The HIA had this language:
INDIVIDUAL HEALTH IDENTIFIERS
5. Assignment of individual health identifier
6. Establishment and maintenance of National Register of Individual Health Identifiers
HEALTH SERVICES PROVIDER IDENTIFIERS
13. Assignment of health services provider identifier
14. Establishment and maintenance of National Register of Health Services Provider Identifiers
If that sounds remotely familiar – here’s the U.S. version – as incorporated into HIPAA (passed in 1996):
UNIQUE HEALTH IDENTIFIERS.— “(1) IN GENERAL,—The Secretary shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system.”
The needs are identical – whether you’re a country the size of 320 million – or one the size of Ireland.
Of course, here in the U.S., theoretical concerns around privacy caused such enormous heartburn that Congress simply de-funded the original intent (which is similar to the way they de-funded the “risk corridors” last year) – but I digress. The point here is that unfounded and unrealistic concerns around privacy derailed our effort to implement a national standard recognized as critical (and part of healthcare legislation) more than 20 years ago. Was it truly for privacy issues – or was it intentional for other reasons? We’ll get there.
I say the reasons around privacy were unfounded and unrealistic because what we have today in the way of algorithmic patient matching isn’t just less safe – it’s also less secure. The safety issue is well documented – and that’s the primary basis for the CHIME Challenge.
In an environmental scan in 2014, the Office of the National Coordinator for Health Information Technology found that the best error rate is around 7%. Worse still, the error rate is usually closer to 10 to 20 percent within a healthcare entity and it rises to 50 to 60 percent when entities exchange with each other.
Wow. That’s painful – how could it possibly get worse? It’s worse because that’s just the safety component. The security component actually compounds the safety risk because any identification number used for patient matching – say a proprietary master patient identifier or Social Security number – is, by definition, less secure because it has less legal protection.
Security and privacy could actually be strengthened with a unique patient identifier. A unique patient identifier, once developed, would immediately become protected health information (PHI) under federal and (applicable) state law. RAND – Identity Crisis? (2008)
The American Health Information Management Association (AHIMA) was the latest U.S. healthcare organization to join our long running battle for an NPI. Unfortunately, the AHIMA petition (launched in March) needed 100,000 signatures and secured less than 9,000. This wasn’t for an actual NPI, mind you, this was simply to remove the federal budget ban to think about a patient safety identifier.
But here’s the thing. I know why we won’t make progress here – today, tomorrow, or even this decade. It’s intentional. In my opinion, it’s also criminal. How do I know this? Because there’s another big regulatory challenge with a very similar profile just one aisle over – and it often gushes blood into our emergency rooms. It’s the gun aisle. How is it remotely similar? Here’s the opening story in a recent article – and the money quote:
Say there’s a murder. Blood everywhere, a dead guy on the floor. The cops come in with their yellow tape, chalk line, the little booties, cameras, swabs, the fingerprint dust. One of them finds a gun on the floor. The gun! He lifts it with his pinkie, examines it, takes note of the serial number. Back at the station, they run a trace on the gun. A name pops up. It’s the wife! Or: It’s the business partner! It’s somebody’s gun, and this is so exciting because now they know who did it.
Except—no. You are watching too much TV. It doesn’t work like that.
“Think,” says Charlie Houser, a federal agent with the ATF.
The cops run a trace on a gun? What does that even mean? A name pops up? From where? There’s some master list somewhere? Like, for all the guns all over the world, there’s a master list that started with the No. 1 (when? World War I? Civil War? Russian Revolution? when?), and in the year 2016 we are now up to No. 14 gazillion whatever, and every single one of those serial numbers has a gun owner’s name attached to it on some giant list somewhere (where?), which, thank God, a big computer is keeping track of?
“People don’t think,” Charlie tells me. “I get e-mails even from police saying, ‘Can you type in the serial number and tell me who the gun is registered to?’ Every week. They think it’s like a VIN number on a car. Even police. Police from everywhere. ‘Hey, can you guys hurry up and type that number in?’ ”
“It’s a shoestring budget. It’s a bunch of friggin’ boxes. All half-ass records.”
So here’s a news flash, from Charlie: “We ain’t got a registration system. Ain’t nobody registering no damn guns.”
Here’s the quote from that same article:
There is no national database of guns. We have no centralized record of who owns all the firearms we so vigorously debate, no hard data regarding how many people own them, how many of them are bought or sold, or how many even exist.
Sound familiar – right? It’s a great article with a great headline: Inside the Federal Bureau of Way Too Many Guns
And that’s why Ireland has a National Patient Identifier and we don’t. We have the technical and economic prowess to trump anything Ireland – or literally any other industrialized country can do. We could implement an NPI – if we wanted to – if there was no artificially induced congressional budget ban. The rationale against one sounds legit – privacy – but it’s a smokescreen.
The reason we don’t have a national gun database and an NPI are the same. I wouldn’t go as far as to say that vested interests are preventing an NPI (although that’s clearly the case with the NRA and a gun database), but let’s just say it’s just not anyone’s legislative priority. There’s no money for it and Congress ain’t gonna ante up voluntarily. That’s not criminal intent – but it does qualify as criminal negligence. There are lots of legal definitions for that phrase, of course, but a good general one is “the indifference or disregard for human life or for the safety of people.”
And make no mistake, that’s exactly what a NPI delivers – better safety and security than the status quo. Maybe CHIME can nudge Congress into action. Clearly the petition path doesn’t work.
[May 2018 Update]
Like many, I was clearly hopeful, but as of November 2017, CHIME has officially suspended the National Patient ID Challenge.
Though we’ve made great progress and moved the industry forward in many ways through the challenge, we ultimately did not achieve the results we sought to this complex problem. We decided the best course of addressing this patient safety hazard is to redirect our attention and resources to another strategy. Russell Branzell – CHIME CEO