It's been a decade since federal legislation called for the creation of a unique patient identifier -- a number carried by each American linking patients to their individual health records -- but concerns about privacy and security, reported way back in the July 21, 1998, Los Angeles Times, have stalled efforts to put the proposal into use.
Concerns still exist, but it may be an idea whose time has come, according to a Rand Corp. study released online today. It turns out that the compromise fashioned to adhere to the 1996 Health Insurance Portability and Accountability Act mandating the creation of a system to accurately identify patients has resulted in a system in which privacy is at risk, while not doing enough to prevent errors.
Short of a new system with a new number for everyone, most hospitals and health systems instead rely on what's called statistical matching, based on multiple personal attributes, such as name, address, birth date, gender and Social Security number, to accurately match a given patient with his or her MRI results, blood records or medical history.
That's why, when you call your insurance company, the representative might think nothing of asking, "What's your soch?" -- translation: social security number. The statistical matching system now in use is more likely than a new unique patient identifier system to result in errors, repetitive tests and unnecessary care. Rand researchers, led by senior principal researcher Richard Hillestad, found that the system now in place returns incomplete medical records about 8% of the time and exposes patients to privacy risks because of the large amount of personal information needed to do a search.
"Our research suggests that it's easier to safeguard patient privacy with a records system that makes use of a unique health ID rather than a system that uses statistical matching," Hillestad said in a news release. One way to begin the process, he says, is to allow people to volunteer for a unique health identifier, giving researchers an on-the-ground way to measure a new system's ability to protect privacy while reducing errors against the current system.
Researchers estimated that implementation of a new system in which everyone has a health number would cost up to $11 billion. But once implemented, would save about $77 billion in increased efficiency and reduced errors.
Even if determined hackers could get into a new system of patient identifying numbers, they'd come away only knowing when someone is due for the next colonoscopy or how high that person's blood cholesterol is. But because they'd get no Social Security number, name or other identifying information, they wouldn't be able to steal that person's identity.
Photo: Will they pull the right medical record? Credit: Myung J. Chun / Los Angeles Times