Search our
entire site
Enter your search
terms below, or visit
our search page

Search case
studies only
Enter your search
terms below:

For the table
of contents and
hyperlinks to
general topics
proceed to toc

The Federal government is currently looking at development of a unique health identifier for individuals as part of a comprehensive plan to achieve uniform standards for exchange of health data. Requirements for this identifier include information privacy and facilitation of electronic data transfer - primarily for administrative and financial transactions. This process is mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Those health insurance plans, providers and other health care entities who wish to conduct transactions electronically must comply with standards set forth by this legislation within 2 years of their adoption - small health plans are allowed 3 years to comply. These standards include

• -Certain uniform transactions and data elements for health claims and equivalent encounter information, claims attachments, health care payment and remittance advice, health plan enrollment and disenrollment, health plan eligilibility, health plan premium payments, first report of injury, health claim status, referral certification and authorization and for coordination of benefits.
• -Unique identifiers for individuals, employers, health plans and health care providers for use in the health care system.
• -Code sets and classification systems for the data elements of the transactions identified.
• -Security standards for health information.
• -Standards for procedures for the electronic transmission and authentification of signatures with respect to the transactions identified. (from government White Paper on Unique Health Identifier published 7/2/98)

Security issues as well as privacy and confidentiality of health information are addressed rigorously in this new legislation. The Secretary of Health and Human Services is required to adopt security measures to protect health information in transit and storage and to protect against improper usage of this information. Regulations to provide these protections must be finalized by February 21, 2001 by law. The law also specifies penalties and punishment for misuse of a health identifier or wrongfully obtaining and using individual health information.

Opinion is divided regarding the nature of the unique health identifier. The HHS has decided to issue a Notice of Intent to allow public debate over controversial aspects of the unique identifier.

Comments are solicited for the following areas:

• What are the major confidentiality and privacy concerns associated with a health identifier and how should they be resolved? What principals should underlie the choice and implementation of an identifier? What uses should be approved for the health identifier for individuals? What is the relationship of this identifier to legal protection for health information generally?
• What model should be selected for a health identifier for individuals? Are there other viable options that are not discussed in this notice? How should candidate identifiers be evaluated? Are the relevant positive and negative aspects included for the alternatives in this notice? Which alternative do you prefer and which ones should be eliminated from consideration? Why?
• What will it cost both to transition to a new identifier system and to operate it? Who should pay the costs and why? What will the impact be for small providers and, if significant, how can it be mitigated?
• What are the critical implementation issues for a health identifier for individuals and how should they be addressed? For instance: How will the system of authenticating requests and assigning identifiers work on a day-to-day basis? Who will operate the system? What are the infrastructure requirements? How can encryption and other digital security technologies enhance identifier protection? What will the transition process look like? (from government White Paper on Unique Health Identifiers published 7/2/98).

Today, all components of the health care delivery system in this country assign identifiers to individuals for use within their systems. A unique identifier for individuals for use throughout the system would have many benefits, including reduced administrative costs and improved quality of care. Identifiers differ from one health care organization to another while the delivery of health care routinely crosses between these organizations. For the majority of patients today, the medical record consists of many records spread amongst many providers, hospitals and other health care organizations. An increasing number of these records is electronic. Many aspects of health care delivery could benefit from use of a unique identifier for individuals including continuity of care, accurate record keeping, prompt payment for services and detection of fraud and abuse. Having multiple identifiers for the same individual across organizations prevents or inhibits timely access to necessary information. Unique identifiers would facilitate test result reporting, chart updating and maintenance and retrieval of medical records as well as integrating information across various internal information systems. A unique identifier would serve the same purpose as proprietary identifiers do now within a given health care organization. Examples of this include provision of safe blood transfusion therapy, tracking invasive testing and surgery and safe medication administration. There is currently support within the health care industry for the adoption of a unique identifier for individuals.

Controversy over adoption of a unique identifier has centered on the privacy issue. For some, privacy and protection of personal information outweigh any clinical or administrative benefit. For others, privacy issues are important but can be managed. Some believe that use of a unique identifier increases the threat to privacy by facilitating information exchange across and within organizations - use of multiple different identifiers impedes information exchange across data systems and may provide some protection of individual privacy. Others believe that use of a unique identifier should go beyond the health care system - linking health care information with police records (to evaluate the effectiveness of helmets, restraints and airbags) or environmental and workplace exposure records (both of these examples are public health concerns). There is risk in expanding the role of an identifier in this fashion in that more and more facets of an individuals' life become vulnerable to inspection.

Use of a unique identifier would allow for simplification of the health care record in that it could replace many elements of personal identifying information currently being used in the medical record (such as name, address, gender, birth date, phone numbers SSN, etc.). Because of this, some think that use of a randomly assigned unique numerical identifier would increase privacy protection since it cannot easily be used to identify an individual by those who would seek to abuse the system.

The National Committee on Vital and Health Statistics (NCVHS) was appointed the role of advisor to the Secretary of HHS on standards issues. The committe recommended that HHS not adopt a standard for a unique identifier until after privacy legislation is enacted. There were 3 reasons:

• The selection of a unique health identifier for individuals will become the focus of tremendous public attention and interest, far beyond that afforded to other health privacy decisions. No choice should be made without more public notice, hearings and comment.
• Until new Federal privacy law adequately protects health record privacy, it is not possible to make a sufficiently informed choice about an identification number or procedure. The degree of formal legal protection in such a law will have a major influence on both the decision itself and the public acceptance of that decision. Passage of a comprehensive health privacy law may make the choice of an identifier easier and less threatening to privacy.
• A unique health identifier for individuals could not be protected from misuses under current law, notwithstanding the criminal penalties enacted in HIPAA.

TABLE OF CONTENTS