In November of 2016, Boehm & Associates commented on the merits of implementing a unique patient identifier (UPI) to match individuals to their healthcare data universally across the country’s medical provider organizations. We initially looked at the technical shortcomings inherent in the current matching methodology that uses a patient’s name, date of birth, and Social Security number. However, the recent Equifax breach further illuminates the risks posed to patient privacy and safety when using identification data that is linked across so many other industries and organizations.
An article by Time provides a brief history of the Social Security number and its increased use across the public and private sectors of the United States. A separate article by ZDNet states, “The Social Security number is the key to the fraud kingdom and perhaps the ultimate example of legacy infrastructure and processes.” In truth, there is a very transparent loss of confidence in the Social Security number within the Federal government and among the general population. Identity theft poses a significant problem particularly within California, which topped the list of states with the highest number of cybercrime victims in 2016 and ranked within the top five states affected by identity theft that same year, according to a report by Javelin Strategy & Research (summarized by the Insurance Information Institute).
In 2016, the Vice President and CIO of Intermountain Healthcare provided testimony before the House Subcommittee on Health, stating, “Reducing the reliance on Social Security Numbers and other identifiable information that help bad actors execute fraud will immediately devalue health records on the black market. We need a healthcare identification solution that, if stolen, does not have the same potential for fraud and abuse.” Various organizations have taken up the challenge of designing and pitching alternatives to patient data matching in the wake of the Equifax breach. Blockchain is a model that has been receiving quite a bit of attention recently due to its ability to decentralize personally identifiable information in a manner that makes it both more reliable to authenticate individuals and less invasive to personal privacy when supplying the components for authentication; an article by Forbes provides an example of real-world blockchain implementation that could potentially be replicated within the context of the healthcare industry.
Congress has also included language in its FY2017 appropriations bill clarifying the ability of the Department of Health & Human Services to aid in the development of a unique patient identifier within the healthcare industry by partnering with the private sector. It will be interesting to see how the landscape of health IT evolves within the coming months and years in response to the opportunity for change. Boehm & Associates will continue to monitor the progress of this initiative and provide updates as they become available.