Search our
entire site
Enter your search
terms below, or visit
our search page

Search case
studies only
Enter your search
terms below:

For the table
of contents and
hyperlinks to
general topics
proceed to toc

Unique Health Identifier for Individuals

.....continued.....

The Computed Healthcare Identifier (CHID) proposal provides an alternative to using the SSN. Under this system a new identifier would be computed from the SSN. No changes would be required in the SSA or with SSNs, therefore its cost would be lower than proposals requiring revamping of the SSN system. In the CHID plan each validated health care plan and provider would be provided a standard algorithm for converting a patient's existing SSN into another number to be used as an identifier within the healthcare system. This would be a "trap door" or one-way algorithm - easy to do but very difficult or impossible to undo (an example would be multiplying 4 or 5 three digit prime numbers together. Calculating backward from the huge number that results to find the original prime numbers would be exceedingly difficult). The CHID number would contain check digits used to distinguish valid from invalid numbers.

Unique temporary numbers for those ineligible for an SSN would be issued on demand by a health care provider or plan from a national computer database accessible by modem over the Internet. These would come from a domain of numbers not computable from the SSN.

Again, there are positive and negative aspects to this plan. Positive aspects relate to areas of cost-effectiveness, accessibility and being content-free. These numbers are also focused for health care. Negative aspects are similar to those identified for using the SSN. The reader is directed to the government White Paper on Unique Health Care Identifier, 7/2/98, for more details.

The Unique Health Identifier provided as a sample in the Standard Guide (not based on the SSN) has a length of up to 29 characters and is constructed from 4 parts:

• a 16 digit number that identifies an individual uniquely
• a delimiter (a single character [such as a period] denoting the boundary between 2 digits or characters)
• 6 check digits
• a 6 digit encryption scheme identifier, if the number has been encrypted

Positive aspects of this system include:

• The proposal meets HIPAA requirements for a standard unique identifier for each individual
• It incorporates check digits and encryption capabilities
• It could restrict the identifier to health care and other desirable uses protectable by legislation

Negative aspects include:

• Cost to modify industry systems and add another long identifier would be significant
• new or additional infrastructure support to issue and maintain the identifier would be necessary. This could be prohibitively expensive.

Biometric Identifiers are based on unique physical attributes (voiceprint, retinal patterns, fingerprints, DNA analysis, etc.) The individual must be present, obviously, for issuance and verification using these methods and special equipment would be necessary to read or scan the biometric attribute used for the identifier. These uniquely and positively identify an individual but currently have many negative aspects (no existing infrastructure to issue or maintain identifiers, special equipment required to read or scan the attribute, the patient's required physical presence, biometric attributes can change with age or disease, etc.)

Identifiers can be based on Personal Immutable Properties - a combination of a person's characteristics that would not change (e.g., birth name, date of birth, place of birth, gender, mother's maiden name, etc.) As with the other proposals, positive and negative aspects can be identified.

Several identification system proposals are based on the Master Patient Index (MPI) concept. An MPI system is already in use in some health care systems - this matches a patient record number with a set of common identification elements such as last name, sex, birth date, SSN, mother's maiden name, etc. Some do not see the need for a unique health identifier since this system is already successfully used in many sites.

Large health care organizations (e.g., hospitals) may have many different MPIs used within its different departments. Merging organizations in this situation are faced with a tremendous challenge integrating their systems, sometimes revealing data integrity issues.

CORBAmed (Common Object Request Broker Architecture, Healthcare Domain Taskforce) is the healthcare component of the Object Management Group, an industry consortium that promotes application of Object Oriented Technologies. This group has asked for propsals for development of their Personal Identification Service (PIDS) to facilitate communication across multiple levels of MPIs.

In October 1997 the US Commerce Department's National Institute of Standards and Technology granted Sequoia Software Corporation government funding to develop an MPI that can correlate and cross-reference computerized patient records from different health care organizations - without the need for human intervention.

Health Level 7 MPI Mediation is a software process that searches and locates patient records across different MPIs. HL7 is an accredited standards organization and has established a Special Interest Group to further develop this process.

Positive aspects of using an MPI system include no needed changes to implement a unique idrentifier system and reduced costs since existing numbers would continue to be used. The numbers would be accessible and assignable. Negative aspects are many and include lack of focus on health care, not being content-free, permanent, unique or unambiguous.

Identification systems can be based on existing medical record numbers with the addition of a Practitioner Prefix. The 2 position prefix would identify a practitioner that maintains medical records on that patient - the medical record number would identify the individual's record within that practitioner's database. The patient would designate one practitioner to have primary responsibility for linking and updating information in his/her record. This idea has not been piloted or tested. Positive and negative aspects exist for this system as well.

Hybrid proposals for development of a unique identifier also exist. These include the UHID/SSA proposal and Veterans Health Administration models. The UHID/SSA identifier would have the same structure as the UHID previously discussed - a sequential number that identifies an individual uniquely, delimiter, check digits and an encryption scheme identifier. The lengths of each of these components are not specified. The SSA becomes the trusted authority for providing infrastructure and maintenance of the system. Improvements in the SSA and SSN system would need to be made as discussed before. The unique health identifier would not be placed on the SSN card. The relative cost of adding a unique health identifier to SSA records would be low.

The Veterans Health Administration model is being pilot tested. This system involves use of an MPI within the VA system and the assignment of a unique identifier based on the sample UHID (called an Integration Control Number [ICN] within the VA system).

Cryptography methods have been reviewed and considered. Cryptography is the art of keeping data secret through the use of logical or mathematical functions applied to data, initially to make it unintelligible, and then to transform it back. This is a means of protecting identifiers through the encryption process. Encryption is a two key system - data is encoded with one key and decoded using the second key (only those with both keys would know a patient's identity).The obvious limitation of this system involves getting an infrastructure in place that would support and distribute the keys to everyone in the population who would need to have them.

Implementation issues of any system needing further consideration have been discussed but include:

• - The use of temporary identifiers for those whose identity cannot be quickly and positively identified
• - Encryption of the identifier
• - Length of the identifier
• - Use of check digits (are they necessary, what is the best scheme?)
• - The implementation and transition process for providers and health plans
• - Costs of SSN reverification (several billion dollars)
• - Costs to implement a new identifier for individuals
• - Compatibility with evolving technologies
• - Nature of system infrastructure, availability and access
• - Policies and procedures for assignment of identifiers for individuals
• - Time frame for implementation
• - Relationship of other HIPAA standards to identifier for individuals

Standards for transmission of electronic data required by HIPAA will likely be adopted before the standard for a unique healthcare identifier, given the issues and differences of opinion discussed here. What are the implications of this and should the time frame for the identifier be related to the passage of privacy legislation?

TABLE OF CONTENTS