The Security Scrutinizer with Howard Anderson

CIO Highlights Patient Identifier Issue

Health Information Exchange Difficult Without ID, He Argues

As CIO of a hospital system that's participating in an emerging health information exchange, Neal Ganguly is frustrated by the nation's lack of a standard method for identifying patients. Sharing patient data among multiple organizations through health information exchanges will prove challenging, he argues, unless there's an easy way to match patients to all their records from everywhere they've received treatment. A unique patient identifier, while not a panacea, would certainly prove helpful, he says.

Ganguly, vice president and CIO at CentraState Healthcare System in New Jersey, wants to see federal regulators at least initiate a study of the issue of unique patient identifiers. He urged attendees at the American Health Information Management Association's Legal EHR Summit on Aug. 15 to ask federal legislators to address the issue.

The CIO called attention to the efforts of the Coalition for an Informed Patient Identity Integrity Solution, which is advocating a federal study on the issue. Since 1999, Congress has banned the Department of Health and Human Services from conducting such a study, even though HIPAA called for creation of a national patient identifier. That's primarily because privacy groups expressed concern that such an identifier could be breached and lead to unauthorized access to patient records.

Now, the coalition, formed by AHIMA and several other associations last fall, is advocating the lifting of that ban. But if that proves politically impossible, the coalition would like to at least see a member of Congress ask the Government Accountability Office to conduct a study of the issue. Such a study is not prohibited under the Congressional ban. So far, however, no one in Congress has submitted a request to GAO.

"Today, privacy advocates can make more noise about the potential risk of a breach than we as healthcare providers can make about the risk of not positively identifying patients," Ganguly laments. The lack of an easier way to match patients to all their medical records creates safety risks, such as by tying a patient to the wrong record with the wrong information about their allergies to medications, he notes. He points to one study in Texas, for example, that found 231 people named Maria Garcia shared the same birth date.

CentraState Healthcare System, which owns one hospital and numerous other facilities, is a participant in Jersey Health Connect, a health information exchange now in the formative stages that eventually will link 14 area hospitals and other facilities. So far, the HIE has not figured out how it will tackle the issue of matching patients to all their records. "We are very concerned about how we are going to positively match records across the HIE," he notes. "And who's liable for the care that may be inappropriately delivered based on data incorrectly captured?"

With regional and statewide HIEs being developed across the nation, Ganguly stresses that matching patients to their records, through unique identifiers or other methods, such as a master patient index or other matching technologies, is becoming an urgent matter. But he contends that the available technologies are expensive and error-prone.

Ganguly says he's pleased the Privacy and Security Tiger Team has asked the Office of the National Coordinator for Health IT to investigate best practices for matching patients to their records (see: Matching Patients to the Right EHRs).

He's also encouraged by early efforts to test a voluntary approach to using unique patient identifiers. For example, the Western Health Information Network, an HIE, is testing use of the Voluntary Universal Healthcare Identifier from Global Patient Identifiers, a Tucson, Ariz.-based not-for-profit organization (see: HIE Tests Patient Identifiers ).

In light of ongoing efforts to build HIEs and then, ultimately, link them nationally to pave the way for information sharing, it seems reasonable to at least study how best to match patients to their records while assuring privacy. We hope the ONC will launch a serious study on matching methods. And we also hope a member of Congress will take the initiative to request the GAO conduct a study of patient identifiers and privacy to pave the way for a renewed discussion of the pros and cons of a national identifier.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.