June 15, 2017
Lack of a National Patient Identifier (NPI) has been a Herculean weight on the shoulders of the healthcare industry since the first days of HIPAA and healthcare computer systems. A standard for unique patient ID numbers is a must-have for accurate data sharing, interoperability, increased data security and patient privacy — and for reducing the costs associated with these issues. Unfortunately, a labyrinth of political controversy over the concept of an NPI has created unassailable obstructions for nearly two decades. But in the last year, we have seen some never-before progress that may change everything.
Why does having an NPI matter so much?
Achieving safe and secure patient matching is an essential for interoperability. To make exchanges of healthcare information today, we have to rely on an imprecise method of matching multiple demographic elements in a patient’s profile in the hopes of getting an overall match. Look at some examples of daily challenges of matching patient’s names:
Full names vs. nicknames: Pat Smith vs Patricia Smith
Middle names and initials: Patricia Smith vs. Patricia A Smith vs. Patricia Ann Smith
Hyphenated names and names with apostrophes: Patricia Smith marries Bob O’Malley and becomes Patricia Smith-O’Mallley
What happens to patient identification when Patricia Smith-O’Malley divorces Bob and remarries?
Strategies used today to avoid such fertile ground for error is to make matches using several data elements. For example, the combination of name + date of birth + sex + Social Security number can provide quality matches. However, differences in how the various elements are collected and reported causes many non-matches. One example comes from a 2014 ONC study in which Kaiser Permanente reported that when it tried to match up records from within the same region (its 17 regions have separately implemented the same EHR) the success rate was 90%. Attempting the same match with records from another region decreased the rate to just 50%. If an institution with the same data policies and systems can only achieve a 50% match rate, imagine the challenge that regional health information exchanges face, trying to make matches between different EHRs from organizations with different data management policies.
The high costs of mismatching. According to the same ONC report, each case of misidentification at the Mayo Clinic costs at least $1,200. Intermountain Healthcare spends between $4 million and $5 million per year on technologies and processes intended to ensure correct patient identification.
Reducing security and privacy vulnerabilities. The creation of an NPI doesn’t create any risks that we are not already addressing with the Social Security number, but NPI security and privacy issues have been a major point of contention for years. We can’t rely on SSNs, though this solution has been bandied about, if only because many patients don’t have SSNs. Actually, the NPI is just a new identifier that would very likely create fewer risks because we have security technologies today that that will minimize vulnerabilities. Ironically, the (arguably greater) risks created by using SSNs are already part of the patient matching scheme. Also, the current strategy of using a patient matching algorithm itself poses risks to privacy, in that it would be easy to disclose some of patient A’s information to patient B with a false positive match.
In the last year, we have seen some promising developments in creating an NPI and they are continuing.
On May 17 CHIME announced the finalists of its year-long Healthcare Innovation Trust National Patient ID Challenge, in a widely publicized effort to address the NPI issue. The competition is intended to incentivize the private sector to develop a patient identifying solution that would ensure “100 percent accuracy in identifying patients.” Through a partnership with crowdsourcing innovation platform HeroX, the winner will be awarded $1 million. The challenge is supported by other industry associations such as the AMA, AHIMA, HIMSS, and The Sequoia Project as well as EHR vendors Allscripts and Cerner.
“The dedication demonstrated by the submissions proves that there are many worthwhile ideas and the potential solution for error-proof patient identification becomes closer to a reality every day,” CHIME announced. It continued: “The top four finalists have exhibited an extraordinary level of innovation, adoptability and implementation in creating a viable solution to solve this critical patient safety issue.” The next round of the challenge is underway, concluding in November of 2017 with the announcement of a single winner.
The winner’s solution must:
According to EHR Intelligence, the lack of a unique patient identification system has caused many healthcare organizations to urge Congress for federal technical support. ONC is on board and has just launched its promised Patient Matching Algorithm Challenge, designed to “bring about greater transparency and data on the performance of existing patient matching algorithms [and] spur the adoption of performance metrics for patient data matching algorithm vendors.” The three-month challenge, which is offering $75,000 in prizes, also includes improving patient matching through deduplication and linking to clinical data. Participants will be provided a data set and must submit their answers to be evaluated and scored against a master key.
Congress is also getting engaged. Its FY17 Omnibus appropriations legislation included report language to enable HHS to support creation of an NPI. This legislation finally acknowledges the priority of an NPI, a concern that HIMSS and other organizations have voiced for many years.
The FY17 Omnibus Appropriations Act includes the following language allowing HHS to aid in the efforts toward an improved nationwide patient matching system: “The Committee encourages the Secretary… to provide technical assistance to private-sector led initiatives to develop a coordinated national strategy that will promote patient safety by accurately identifying patients to their health information.” Considering the longtime prohibition of any HHS support of an NPI, this language hopefully heralds needed acceptance and advocacy.
Implementing a National Patient Identifier program with a solid validation solution and other tight protections is one critical step among many that will be needed to take interoperability from today’s embryonic state into a full grown reality. Just as important, it would create an additional barrier to medical fraud, criminal security compromise, and reduce, perhaps eliminate, the high costs of patient mismatching. In 2017? Maybe. Conservatively, I will look to 2018 for some breakout events, but indications are that we’re finally making important moves forward, and maybe a running start.