iCommerce.com Corporation
eCommerce


Search our
entire site
Enter your search
terms below, or visit
our search page



Search case
studies only
Enter your search
terms below:




For the table
of contents and
hyperlinks to
general topics
proceed to toc



























JHITA Legislative/Regulatory Issues Report                                                       February 1, 1999


1. A summary of the issue.
2. An overview identifying a number of proposed Identifiers as well as their pros and cons. It is hoped that you will find the overview to be quite informative and it is therefore quite long.
3. A request for case studies documenting the positive use of Identifiers by operating health care entities.

SUMMARY
On July 6, 1998, the Department of Health and Human Services (HHS) and the Health Care Financing Administration (HCFA) published a Notice of Intent to address the National Health Identifier for Individuals (NHII). The NHII is also referred to as a unique patient identifier or a universal patient identifier. The NHII was among the identifiers included in the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA requires HHS to adopt standards to support the electronic exchange of a variety of administrative and financial health care transactions, including a unique identifier for individuals. The identifier for individuals will apply to all health plans, health care clearinghouses, and health care providers who elect to conduct the specified transactions electronically.
Since the Notice of Intent was published in July, no further action has been taken by HHS to issue a proposed rule for the identifier. Many in industry and in Congress questioned the appropriateness and timeliness of a unique identifier before the confidentiality provisions in the HIPAA legislation have been addressed. The National Committee on Vital and Health Statistics recommended to HHS that the unique identifier be considered only after confidentiality legislation has been passed in Congress. However, if Congress does not enact confidentiality legislation within 36 months of the bill’s enactment (August 20, 1999), the Secretary must issue final regulations on confidentiality standards within 42 months of the bill’s enactment (February 20, 2000). Congress stated in the Fiscal Year 1999 Omnibus Supplemental that HHS could not use any funds to continue their work on a unique identifier, which ensures that nothing will be done until Congress revisits this issue during the 106th Congress. The areas in question include:

  • confidentiality and privacy concerns,
  • principles that should underlie the choice and implementation of an identifier,
  • uses of the identifier,
  • legal protection for health information,
  • the model to be used for the identifier,
  • cost associated with transition to a new identifier and who should pay for those costs, and
  • implementation issues and how they should be addressed.

The Notice of Intent serves as a vehicle to discuss and analyze the proposals that have been offered to date. The following compilation of unique identifier proposals is based largely on the proposals provided in the Notice of Intent. In addition, an analysis of the identifier proposals incorporated into a document that was provided to HHS and prepared by Solomon Appavu was also referenced frequently in the comparison of identifiers. Unless stated otherwise, the information provided below was taken from the Notice of Intent. You may view the entire Notice of Intent at
http://aspe.os.dhhs.gov/admnsimp/nprm/noiwp1.htm.
JHITA wishes to develop a position on the unique patient identifier by first thoroughly analyzing various identifier proposals and documenting in the form of case studies instances in which the use of such an identifier have proven particularly beneficial.
Back to the top

OVERVIEW   I. UNIQUE IDENTIFIER PROPOSALS BASED ON THE SOCIAL SECURITY NUMBER (SSN) A. IDENTIFIER – Unenhanced SSN

DESCRIPTION 

  • Commonly used in many institutions to identify individuals.
  • Aministered by the Social Security Administration.

POSITIVE ASPECTS/STRENGTHS 

  • The SSN is readily available to most of the public.
  • The cost of implementing the unique health identifier for individuals would be minimized, because many data systems already capture the SSN or use it as a key identifier, and these would not have to be modified.
  • The SSN is the current de facto identifier. People are accustomed to using their SSN as an identifier in a number of circumstances and would not be required to adjust to change.
  • Prospectively, the SSN has good potential for serving as an accurate, unique identifier for most individuals enumerated under the new processes discussed above.
  • The Government would bear the cost without having to create a new system.

NEGATIVE ASPECTS/WEAKNESSES 

  • SSNs have no check digit feature. A check digit is the result obtained by applying an algorithm to a number, such as the SSN, to detect keying or transmission errors. One of the major difficulties identified by systems using SSNs is the frequent transposition of numbers during data entry.
  • SSNs would not provide for the universe of patients, because some people are not eligible for SSNs and others choose not to obtain one. A mechanism to assign substitute numbers without duplication would need to be created.
  • The same SSN is sometimes erroneously used by more than one person.
  • Some people legitimately have more than one SSN. The SSA will assign multiple SSNs to a person in certain circumstances, for example, when a person is being disadvantaged by the misuse of his/her SSN, or when the person is being harassed, abused or endangered and his/her SSN played a role in the harassment, abuse or life endangerment. The SSA cross references these multiple SSNs.
  • In the event that a person needs health care but cannot give the SSN to the provider, a mechanism for issuing a temporary identifier, and later merging it with SSN identification, would have to be created.
  • There are no legal requirements for the many non-Federal users of SSNs as identifiers to keep the number confidential or to limit its use. Protection of the SSN as a health care identifier would be unenforceable.
  • A mechanism for health care providers to verify the authenticity of an SSN when it is presented as evidence of identity would need to be created.
  • The SSN is not under control of the health care industry, and changes that may be made to benefit one of the many other uses of the SSN may not be beneficial for health care.
  • SSNs are easy to counterfeit because allowable entries are well known. Because SSNs are so widely used, obtaining and using someone else’s number is relatively easy. This could affect the accuracy of records linked using this identifier.
  • The Medicare identifier currently consists of the SSN of the wage earner on whom benefits are based, plus a suffix to designate the beneficiary’s relationship to the wage earner. People who receive benefits based on a spouse’s earnings are identified by the spouse’s SSN (plus a suffix) rather than their own. The use of the wage earner’s SSN could cause a commingling of medical records that are linked based on SSNs.
  • SSNs are not available at birth for use by the birth hospital and no system is available for providing temporary SSNs.

B. IDENTIFIER - Proposal of the Computer-Based Record Institute 

DESCRIPTION 

  • Proposed an identifier based on the SSN, with an addition of a check digit
  • Published a position paper in 1993.
  • Published an action plan in 1996.
  • Calls for the enactment of legislation to fund and task the SSA to add a check digit to the SSN and modify the process of issuing SSNs so it can be used as the unique health identifier.
  • Must be an authentication algorithm used to establish the identity and authority of the organization requesting a number.
  • Calls for the enactment of federal preemptive legislation to provide uniform protection of the confidentiality of health information, as called for in HIPAA.
  • Develop and promote a public education program outlining the importance of a unique health identifier and describing how access to individually identifiable health information will be protected and controlled.

POSITIVE ASPECTS/STRENGTHS 
 

          • Notice of Intent
  • The addition of a check digit may be a valuable incremental improvement to the SSN (but would increase cost and affect formats in systems now using the SSN).
  • The enhancements that are a part of the CPRI proposal would provide greater privacy protections than the SSN alone without the cost of an entirely new identifier system.

  •  
          • NCVHS Document 
             
  • The CPRI proposal meets:

  • a) almost all of the ASTM Conceptual Characteristics (of the 30 requirements, fully meets 27 and partly meets 1),
    b) all of the Operational Characteristics, 
    c) Unique Patient Identifier Component requirements and
    d) Basic Functions Criteria. 
  • The Enhanced SSN's strength also includes:

  • a) Existing infrastructure
    b) Trained staff 
    c) Policies, procedures and guidelines in place
    d) Ongoing improvements by the SSA
  • Proposed enhancements to eliminate deficiencies and

  • improve capabilities include:
    a) encryption scheme
    b) addition of check-digits
    c) improvement to issuing procedures
    d) clean-up of existing duplications, multiple assignments and other errors.
    e) confidentiality and security measures
    f) legislation to prevent misuse and discrimination
    g) mechanism to handle patients without SSN
    h) temporary ID for emergency use
    i) change in the format to facilitate capacity
  • Several approaches described in the ASTM Guide including the encryption scheme can be used in conjunction with the Enhanced SSN to yield the same benefit as a UHID (e.g. multiple Encrypted IDs with links to the Enhanced SSN).
  • Already used by 20% of the public.
  • Least expensive to implement.
  • Relatively easy to adopt – people are used to it and systems are accustomed to handling it.
  • Speed of implementation.
  • According to Harris poll, the majority of the American population and organizational leaders favor SSN as a patient identifier.

NEGATIVE ASPECTS/WEAKNESSES 

Notice of Intent 

  • Many of the negative aspects of the Unenhanced SSN (for example, no authenticating feature, Medicare ID of wage earner used, no mechanism for issuing temporary SSNs) carry over to this proposal due to their similarities.
  • The referenced changes to the SSN issuance process are not detailed in the proposal, but would be significant, and the time, effort, and cost to make the changes have not been quantified.
  • The changes to expand and improve the issuance process and re-verify SSNs to clean up errors, as specified in the Action Plan, would make the proposal very costly.
  • It is unclear how proposed legislation could or should protect health information identified by the SSN from being linked with other information systems that already use the SSN as the basic identifier.

NCVHS Document

  • Incomplete and delayed issue of SSN at birth (Enumeration at Birth): Connecticut, Rhode Island, Oklahoma, Alaska and California are not participating in the current "Enumeration at Birth" program.
  • Typical time required to obtain a SSN is measured in weeks rather than "minutes" required by healthcare.
  • No provision for the use of temporary numbers.
  • Error level: significant percentage of error level exists in SSNs.
  • Check digits: The SSN system was designed before the computer era. Therefore, no provision such as check-digit was made to check the errors.
  • No mechanism to use the SSN in a non-identifiable manner.
  • Not healthcare focused - control of the SSN is vested in organizations which are not driven by the needs of healthcare.
  • About 10 million individuals in the U.S. do not have the SSN. Illegal aliens and visitors do not possess SSN. Illegal aliens, without SSN, seeking delayed care due to fear, can increase healthcare cost.
  • SSN does not have exit control (upon death or permanently leaving the country)
  • SSN lacks flexibility due to the block structure (XXX-XX-XXXX). It does not have sufficient digits to handle the identification need for a foreseeable future.
  • There are often multiple holders of the same SSN (less well-informed immigrant households). About 4 million individuals are estimated to have multiple SSNs.
  • Lacks ability to provide retroactive legal protection (SSN too widely used already).
  • The SSN is in extraordinarily wide use as a personal identifier. It has the potential for linkage with non-healthcare data bases.
  • The allowable entries in each of the three groups in an SSN are well known. Therefore, it is easy to counterfeit an SSN.

C. IDENTIFIER – Alternate to the SSN 

DESCRIPTION 

  • Proposes using the SSN as an identifier for those individuals to whom it is acceptable, but offer an alternate identifier to others (who have privacy concerns).
  • Alternate identifier would be a 9-position identifier and would not be the same as any current or future SSN.
  • Would be restricted to the limited number of such alternate numbers available.

POSITIVE ASPECTS/STRENGTHS 

  • Since the alternate identifier would be the same length as the SSN, it could be used in any record structures that carry the SSN.

NEGATIVE APSECTS/WEAKNESSES 

  • A potential stigma could be attached to the alternate identifier -- a request for the identifier might be interpreted to mean that the individual has something to hide.
  • Additional infrastructure would be required to assign the alternate identifier (ensuring, for example, that duplicate numbers are not assigned). This would increase the complexity and cost, compared to the proposal for the unenhanced SSN.
  • Given the choice, significant numbers of individuals would likely request the alternate identifier. If the numbers of individuals became too large, the alternate identifier might be required to have one or more alphanumeric characters to handle the increased number of identifiers needed. This, in turn, would likely require changes to data systems, including the internal systems maintained by providers and plans.

D. IDENTIFIER – The Computer Healthcare Identifier (CHID) 

DESCRIPTION 

  • A new identifier would be computed from the SSN
  • Proposal does not require changes in SSNs or in SSA’s processes.
  • Assigned by healthcare provider or health plans.
  • Each validated health plan and health care provider would be provided a standard encryption algorithm for the purpose of converting a patient’s existing SSN into another, private number.
  • Algorithm performs a one-way mathematical function – with highspeed computing can be done in a fraction of a second.
  • The resulting unique number will always be the same no matter what entity is computing it.
  • The number would contain a check digit used to distinguish valid from invalid numbers.
  • Unique temporary numbers or identifiers for people ineligible for an SSN would be issued on demand by a healthcare provider or plan from a national computer system.
  • Has not been piloted and no cost estimates are available.
  • POSITIVE ASPECTS/STRENGTHS 
     
  • The proposal would not involve the SSA or require any changes in the current process of assigning SSNs, although it would benefit from any improvements the SSA makes in its enumeration system over time, as described above.
  • The CHID would be guaranteed mathematically to be unique. The "trap door" algorithm, which would be used to generate the CHID from the SSN, is one that is irreversible (the mathematical process could not be reversed to derive SSN from CHID), thereby impeding attempts to calculate the SSN from the computed identifier.
  • The linking of the SSN and computed health identifiers for purposes other than health care or other authorized uses could be prohibited by regulation. Thus, health records could not be linked easily with other information using the SSN as the identifier, a major drawback of using the SSN itself as the identifier.
  • The CHID would be less expensive to implement than a system to create a totally new number, although no cost estimates are available. The new number that would be computed from, but not linkable back to, the SSN would require a relatively small expense to taxpayers to distribute the encryption keys. The identifiers would be distributed by plans and providers as needed.
  • The CHID could address privacy concerns because it makes linkage to other records using the SSN more difficult.
  • Severe criminal penalties exist in current law for unauthorized uses of any health identifier; misuse of the algorithm used to create the numbers could be brought under the same penalty by regulation.
  • The infrastructure would be smaller than that required for a new trusted authority to issue and administer a totally new identifier.
  • The CHID can be validated with a check digit program.

NEGATIVE APSECTS/WEAKNESSES 

  • Since this identifier is based on the SSN, many of the current problems with SSNs would not be addressed unless and until the SSA re-verifies the SSNs.
  • Because the algorithm would have wide distribution, it is likely to become publicly known within some relatively short period despite legal sanctions against disclosure, and thereafter it would be a relatively simple matter to

  • compute the health identifier from an individual’s SSN.
  • Anyone with access to the algorithm who wanted to link the health care identifier with the SSN could, theoretically,take the one billion 9-digit numbers that include all potential SSNs, apply the algorithm, and generate a database of all health identifiers, each linked to its corresponding SSN.
  • No infrastructure currently exists to support appropriate linkages of encrypted versions of the CHID back to the original CHID.
  • The cost to the industry to modify its systems and add an identifier that is longer than identifiers commonly in use, most likely 16 characters, would be significant.
  • An infrastructure would be required to manage temporary identifiers and  identifiers for those individuals who have no SSN. Although this would be smaller than the infrastructure required for many other proposals, its cost could still be significant.

  •  
    II. IDENTIFIERS NOT BASED ON THE SSN

A. IDENTIFIER – The ASTM Sample UHID 

DESCRIPTION 

  • UHID is designed with a length up to 29 characters
  • The number is constructed from four parts: (a) a 16-digit sequential number that identifies an individual uniquely, (b) a delimiter (defined as a single character, such as a period, that denotes the boundary between two digits or characters) that separates the 16-digit number from the check digits and encryption scheme identifier that follow, (c) 6 check digits, and (d) a 6-digit encryption scheme identifier, if the number has been encrypted.
  • If the UHID does not need to be encrypted, the last six digits can be valued as "000000" or omitted entirely.
  • Proposal does not describe implementation.

POSITIVE ASPECTS/STRENGTHS  Notice of Intent – Positive Aspects

  • This proposal meets the requirement of HIPAA for a standard, unique health identifier for each individual.
  • It incorporates check digit and encryption capabilities.
  • It could restrict the identifier to health care and other desirable uses that can be protected with legislation.

NCVHS Document – Strengths

  • Meets almost all of the ASTM conceptual characteristics (of the 30 requirements, fully meets 25 and partly meets 1).
  • The Sample UHID is a new choice with a new start without known defects or limitations.
  • Avoids crossover problems from an existing system that need to be corrected or those that cannot be corrected retrospectively.
  • A six (6) digit check-digit to assure high degree of accuracy.
  • Encryption scheme that permits multiple UHIDs to protect the confidentiality of patient information.
  • Provides an opportunity to design an identification system that will fully take advantage of existing technology.
  • Offers capacity to handle the nation's population for a foreseeable future.

NEGATIVE ASPECTS  Notice of Intent – Negative Aspects

  • The cost to the industry to modify its systems and add another, longer identifier would be significant.
  • As a new number, it would require new or additional infrastructure support to issue and maintain it. Establishing such a new infrastructure for national implementation could be prohibitively expensive and would need to be

  • weighed against the advantages.

NCVHS Document - Weaknesses

  • Does not meet three of five operational characteristics and does not fully address the fourth characteristic.
  • Meets only two of the six identifier component requirements.
  • Length of the ASTM Sample UHID makes it less user-friendly for manual computation and transcription and is subject to human errors.
  • UHID may be less user-friendly for functions such as current medical record keeping functions, personal interactions, verbal communications and coordination of multi-disciplinary team work, etc.
  • Untested - implementing a brand new system nationwide that has not been tested has inherent risk for its success.
  • Lack of existing infrastructure, plan and procedures - The Sample UHID requires the development of an implementation plan for the establishment of necessary infrastructure including the trusted authority, definition of its

  • power, organizational structure and operating procedures.
  • Significant cost - planning, design, development and implementation of the Sample UHID proposal will require substantial investment of resources, a huge effort and a longer time frame than enhancing an existing identification system.

B. IDENTIFIER – Biometric

DESCRIPTION 

  • Based on unique physical attributes, including fingerprints, retinal pattern analysis, iris scan, voice pattern identification and DNA analysis.
  • Individual must be present for issuance and verification of identifier.
  • Issuance and verification requires special equipment to scan or read special attributes.
  • Biometrics are used in government agencies, such as law enforcement and immigration.
  • Biometric information can be stored in digitized form in electronic records and on identification cards.
  • Biometric identifiers are not widely used as health identifiers.

POSITIVE ASPECTS/STRENGTHS  Notice of Intent – Positive Aspects

  • Biometric identifiers can uniquely and positively identify the patient.

NCVHS Document - Strengths

  • The Unique Patient Identifier based on Biometrics meets most of the ASTM conceptual characteristics (of the 30 requirements, fully meets 20 and partially meets 3).
  • It has the potential to provide positive identification of the patient.
  • It avoids crossover problems from an existing system that need to be remedied or those that cannot be corrected retrospectively.

NEGATIVE ASPECTS/WEAKNESSES  Notice of Intent – Negative Aspects

  • There is currently no infrastructure to issue the identifiers or maintain them nationally.
  • Special equipment must be present when the identifiers are issued or verified.
  • The special equipment needed would add to the cost of this option.
  • The patient must be present when the identifier is issued or verified. It has been estimated that 80 percent of the times when patient records need to be accessed, the patient is not physically present; for example, when the patient telephones the provider for consultation.
  • The biometric identifier would need to be digitized in order to be used for administrative simplification. Digitized images would require large amounts of storage.
  • Some biometric attributes can change due to age, injury, or disease.
  • Biometric identifiers such as fingerprints and deoxyribonucleic acid (DNA) profiles are commonly used in law enforcement and judicial evidence. If these kinds of identifiers were also used for health care, it might be difficult to prevent linkages that would be punitive or would compromise patient privacy.

NCVHS Document – Weaknesses

  • The Unique Patient Identifier based on Biometrics in its current form does not meet three of the five operational characteristics and the fourth one is not fully addressed.
  • It does not meet four of the six identifier components requirements and the remaining two are not addressed adequately.
  • Verification of the identifier requires special equipment, computer software, and expertise (DNA analysis, Finger Print, Retina Scan, etc.).
  • Verification process for the identifier requires longer period of time (DNA analysis, Finger Print, Retina Scan, etc.) and can affect the timely delivery of care.
  • Biometric Identification is generally considered cumbersome and time consuming to issue, maintain and use. It requires longer time period to implement than other options.
  • Since the Biometric Identifier contains an individual's personal characteristics and information, the risk of violation of privacy and confidentiality is greater than that of other options.
  • While Biometric Identifiers have proven to be a good option for Law Enforcement and Immigration and Naturalization departments, its potential for identifying individuals, linking and aggregating patient information from multiple provider organizations for the purpose of delivering care or research will depend upon its design which is yet to be planned and developed.
  • Untested - implementing a brand new system nationwide that has not been proven in healthcare industry has inherent risk for its success.
  • The required technology infrastructure and administrative structures need to be established.
  • The method requires creation of a Central Trusted Authority, development of its organizational structure and operating procedures, definition of its authority and an implementation plan.
  • Overcoming/solving the above weaknesses will require a substantial investment of money, huge effort and a longer time frame.

C. IDENTIFIER – Personal Immutable Properties 

DESCRIPTION 

  • As described by the ANSI HISB Inventory of Standards.
  • Designed as a 19-digit number, although a method of compressing it to a 10-digit identifier by expressing it as a base 34 number was described.
  • Would have 3 immutable values, plus a check digit, with each separated by a delimiter.
  • The first value is a 6-digit geopgraphic code based on degrees of longitude and latitude.
  • The third value is a 5-digit sequence number assigned by an area jurisdiction, with an international registry administered by an organization such as the World Health Organization.
  • Temporary assignments would have a leading "T".
  • In general, the proposals based on personal immutable properties involve an identifier based on a combination of a person’s characteristics that would not change (for example, birth name, date of birth, place of birth, gender, mother’s maiden name).

POSITIVE ASPECTS/STRENGTHS  Notice of Intent – Positive Aspects

  • Under some of the proposals, a person would not have to remember a new number, since the identifier would contain known elements.

NCVHS Document – Strengths

  • The Unique Patient Identifier based on Personal Immutable Characteristics meets most of the conceptual characteristics of ASTM (of the 30 requirements, fully meets 23 and partly meets 1).
  • It is a new choice that provides a new start and can be designed to exclude known defects or limitations.
  • It provides an opportunity to design, develop and implement a system to accurately meet the healthcare industry's need.
  • It avoids crossover problems from an existing system that need to be fixed or those that cannot be fixed retrospectively.

NEGATIVE ASPECTS/WEAKNESSES  Notice of Intent – Negative Aspects

  • All of the proposals concerning Personal Immutable Properties would require the creation of a new system for assigning and maintaining the number. None included a description of a cost-effective infrastructure to administer the system.
  • None of these proposals provided a method of ensuring that the person presenting the identifier was the person to whom the number was assigned.
  • An individual’s unique identifier possibly could be assembled by someone who knows personal details about the individual and then could be used fraudulently.

                   NCVHS Document – Weaknesses  

  • The Unique Patient Identifier based on Personal Immutable Characteristics in its current form does not meet three of the five operational characteristics and the fourth is not fully addressed.
  • It does not meet four of the six identifier components requirements and a fifth is not addressed adequately.
  • It remains only as a concept and its fruition will depend on significant planning, preparation, specification development, design, testing and implementation.
  • Untested - implementing a brand new system nationwide that has not been proven has inherent risk for its success.
  • The required technology infrastructure and administrative structures need to be established.
  • The method also will require the development of an implementation plan, creation of the necessary operating procedures, the definition of power and organizational structure of the Local/Central Trusted Authority, and the role

  • of the World Health Organization (WHO), if any.
  • The Unique Patient Identifier based on Personal Immutable Characteristics is not content-free. It contains the patient's date of birth and place of birth.
  • Development and implementation of this new method, after overcoming the above weakness require a huge investment of financial resources, substantial effort and time.

D. IDENTIFIER – Civil Registration System 

DESCRIPTION

  • Proposal uses records established in the current system of civil registration as the basis to assign a unique, unchanging 16-position randomly-generated (in base10 or 16 identifier).
  • Uniqueness would be established based on data, such as name, date of birth, place of birth, and mother’s first name, present in the civil records.
  • 16-digit identifier would link person’s human services to medical treatments.
  • A system would be developed to track these and other encounters with the civil system.
  • To guard against unauthorized access of records and to ensure voluntary participation of tracking, the individual would choose a personal identification number (PIN).
  • Has not been pilot tested and no cost estimates are available.

POSITIVE ASPECTS/STRENGTHS

  • This proposal meets the requirement of HIPAA for a standard, unique health identifier for each individual.

NEGATIVE ASPECTS/WEAKNESSES  

  • This proposal would not allow for an identifier whose use could be specifically limited to health care and appropriate related uses.
  • The coordination that would be required among the State-based birth registration agencies (which do not operate in a uniform way) would be a major barrier to the implementation of this proposal.
  • The cost of implementing this entirely new system would be high because of the need for a new infrastructure.
  • Any system that tracks all health and human service encounters would be likely to raise very strong privacy objections.

E. IDENTIFIER – Bank Card Method  

DESCRIPTION  NCVHS Document

  • Dr. Willis Ware from Rand is the proponent of this method.
  • Identifier would consist of a) a 13 to 15 digit identifier with a set of digits to identify the practitioner or the medical group, b) another set of digits to identify payers, and c) a set a digits to identify conditions, such as allergies, disease, etc.
  • The proposal includes a credit card-type plastic card as the identification medium with an authenticator such as mother’s maiden name or date of birth "woven" into the card along with the individual’s name as a easily read identifier for convenience.
  • Recently, Dr. Ware has indicated that ne now prefers the smart card in place of Back Card as the medium and recommended against the inclusion of any patient care information in the card or the identifier.

POSITIVE ASPECTS/STRENGTHS   NCVHS Document – Strengths

  • Meets almost all of the ASTM conceptual characteristics (of the 30 requirements, fully meets 27).
  • The Bank Card Method is a new choice and can be designed to exclude known defects or limitations.
  • It provides an opportunity to develop the required specifications and design precisely for the system to efficiently meet the industry's need.
  • It avoids crossover problems from an existing system that need to be remedied or those that cannot be corrected retrospectively.
  • The financial industry has demonstrated success with the plastic card identification systems.
  • The experience, know-how and the capability to implement such a system is already in the private sector.
  • The necessary technology such as inexpensive card readers that respond to keystrokes or magnetic-stripe, printers etc. has already been developed.

NEGATIVE ASPECTS/WEAKNESSES   NCVHS Document – Weaknesses

  • Does not meet three of the five operational characteristics and does not fully address the fourth characteristic.
  • Does not meet the six identifier component requirements, including the format of the identifier (number of digits) pending development of an RFP.
  • Currently, the Bank Card Method remains only as a concept and its fruition depends upon significant planning, preparation, specification, design and development.
  • The purpose and scope of Bank Card is limited. It is used for querying balance, seeking credit approval, transmitting credit or debit transactions. All transactions are handled by the same financial institution that issued the card. While it is a good model for handling financial transactions, its potential for identifying individuals, linking and aggregating patient information from multiple provider organizations for the purpose of delivering care or research will depend on its design which is yet to be planned and developed.
  • Untested - implementing a brand new system nationwide has inherent risk for its success.
  • The required technology infrastructure and various administrative structures need to be established.
  • The method requires creation of a Central Trusted Authority, development of its organizational structure and operating procedures, definition of its authority and an implementation plan.
  • Overcoming/solving the above weaknesses will require a substantial investment of money, huge effort and a longer time frame than enhancing an existing identification system.

F. IDENTIFIER – Lifetime Human Service & Treatment Record (LHSTR) Number Based on Birth Certificate  

DESCRIPTION   NCVHS Document

  • Recommended by Edward Hernandez, Bureau of Records and Statistics, San Francisco Department of Public Health.
  • Birth certificates are personally specific and uniquely enumerated.
  • Proposal consists of linking birth documents to a randomly assigned 16-digit number.
  • The method includes a six-digit check-digit verification and a public-key/private-key based encryption on an as needed basis.
  • Three tier approach:

  • First order of documents - a set of seven core data elements;
    Second order of documents – includes a longitudinal component supplementing the basic record to corroborate over time to protect against error or fraud of the association between the individual and the record; and
    Third order of documents – consists of medical or social service record.
  • Purpose is to facilitate event-by-event tracking of all health and human services provided to an individual on an explicit and consensual basis.

POSITIVE ASPECTS/STRENGTHS  NCVHS Document – Strengths

  • The LHSTR Number meets most of the ASTM conceptual characteristics effectively (of the 30 requirements, fully meets 24 and partly meets 2).
  • It meets three of the five operational characteristics.
  • It meets four of the six identifier components' requirements. It also meets the fifth one partially.
  • It meets both the basic functions criteria and the privacy, confidentiality and security criteria effectively.
  • Avoids crossover problems from an existing system that need to be corrected or those that cannot be corrected retrospectively.
  • The three (3) components of the civil registration namely, birthing hospital registries, the official report of birth and the alien registration documents together have the maximum potential to enumerate all individuals living in the nation for the issue of the 16 digit LHSTR Number.
  • The three (3) level data segments that support the LHSTR Number can provide both a reliable identification with a high degree of accuracy and the necessary information about a patient's previous episodes of care and medical records relating to them.
  • This is the only option that provides patient participation with PIN security.
  • Provides an opportunity to design an identification system that can take advantage of emerging technologies and available resources.
  • Offers capacity to handle the nation's population for a foreseeable future.

NEGATIVE ASPECTS/WEAKNESSES   NCVHS Document – Weaknesses

  • LHSTR Number is at a conceptual level.
  • Untested - implementing a brand new system nationwide has inherent risk for its success.
  • Lack of existing infrastructure - technology and administration infrastructures need to be established afresh.
  • Lack of existing plan and procedures - LHSTR Number requires the development of an implementation plan for the establishment of necessary infrastructure including the establishment of a trusted authority, definition of its power, organizational structure, operating procedures, etc.
  • Significant cost - planning, design, development and implementation of the LHSTR Number will require a substantial investment of resources, a huge effort and a longer time frame.

II. PROPOSALS THAT DO NOT REQUIRE UNIVERSAL, UNIQUE IDENTIFIERS

A. IDENTIFIER – Identification Methods Based on the Master Patient Index Concept  

DESCRIPTION 

  • The MPI is a commonly used system in healthcare that links a patient medical record number with a limited set of common identification elements known to a patient, such as patient first/last name, sex, birth date, SSN and mother’s maiden name.
  • Individual provides common elements. The MPI system matches the common data elements across its index to identify the patient’s medical record number, which is required to retrieve medical record.
  • System is already successfully used in many sites.
  • Other proposals based on the MPI include:

  • 1. Directory Service, 
    2. Common Object Request Broker Architecture, Healthcare Domain Task Force (CORBAmed) Person Identification Service (PIDS),
    3. Health Level Seven (HL7) Master Patient Index Mediator and,
    4. Sequoia Software Award for Research and Development of a National Mater Patient Index.
  • Other than the MPI, the other proposals have not been piloted and no cost estimates are available.

POSITIVE ASPECTS/STRENGTHS  Notice of Intent

  • These proposals would not require any changes to implement a unique health identifier. Existing numbering systems would continue to be used, reducing costs associated with changing over to a unique health identifier.

NCVHS Document

Directory Service:

  • Uses patient's social and human characteristics and does not require the implementation of a Unique Patient Identifier.
  • Eliminates the effort, time and investment that will be required for developing and implementing a new identifier.

COBRAMed Patient Identification System:

  • Uses patient's demographic information and available identifier information to search and match patients, it does not mandate the implementation of a Unique Patient Identifier.
  • Eliminates the effort, time and investment that are required for developing and implementing a new identifier.

HL7 Master Patient Index Mediator:

  • Uses patient's demographic information and available identifiers to search and match patients and does not mandate the use of a Unique Patient Identifier, although it will be helped by it.
  • Eliminates the effort, time and investment that will be required for developing and implementing a new identifier.

NEGATIVE ASPECTS/WEAKNESSES  Notice of Intent

  • These proposals would not provide a unique health identifier that could be used, for example, on a health insurance claim or to label a laboratory vial.
  • These proposals depend upon search, match, and link functions that have not been implemented in the health system on a national scale.
  • These proposals depend upon provider organizations’ participation in the processes to update directories and to link and match information.
  • These proposals require development of processes that can protect individual privacy while permitting searches and matches based on personal characteristics.
  • Matching depends upon the probability that records having certain data characteristics in common belong to the same individual. Human intervention is required in some cases to confirm the final match.
  • Those proposals depend to some extent on new technology that has not been tested on a national scale.

NCVHS Document

Directory Service:

  • Not a Unique Patient Identifier and does not meet the ASTM conceptual characteristics of UHID (meets only 3 of the 30 requirements).
  • Does not meet the five Unique Patient Identifier's operational characteristics
  • Does not meet any of the Unique Patient Identifier Component requirements
  • Does not meet most of the Unique Patient Identifier's basic functional requirements. The focus is mainly on searching and matching patient record with the use of available identification information and identifiers
  • The search is limited to participating locations.
  • Requires:

  • a)Prior knowledge of record location and sufficient identification information. The more the availability of patient identification information the greater the success.
    b) Provider organization's participation in the Directory Service and permission for searching for the patient, patient identifier, patient information by another computer system.
    c) Adequate security arrangements for searching and exchanging patient information.
    d) Development and implementation of a powerful and reliable searching and matching algorithms.
  • The probabilistic matching utilized by software approaches does not assure 100% result. Discrepancies may require human intervention for resolution.
  • Currently, the Directory Service is in the preliminary stage and its fruition depends on significant planning, specification design and development.
  • The method requires the development of an implementation plan and creation of necessary operating procedures, etc.

COBRAMed Patient Identification System:

  • Not a Unique Patient Identifier and does not meet the ASTM conceptual characteristics of UHID (meets only 3 of the 30 requirements).
  • Does not meet three of the five Unique Patient Identifier's operational characteristics and only partially meets the remaining two characteristics.
  • Does not meet any of the Unique Patient Identifier Components' requirements.
  • Does not meet most of the Unique Patient Identifier Basic Functions requirements. The focus is mainly on MPI to MPI communication.
  • The search is limited to participating locations.
  • Does not perform search for sites of care/record location.
  • Requires:

  • a) prior knowledge of record location and sufficient identification information. More the availability of patient identification information the greater the success.
    b) provider organization's participation in the CORBAMed project and their authorization for searching the patient, patient identifier and patient information by another computer system.
    c) adequate security arrangements for searching and exchanging patient information.
    d) development and implementation of powerful and reliable searching and matching algorithms.
  • The probabilistic matching does not assure 100% result. Discrepancies may require human intervention for resolution.
  • Currently, the CORBAMed PIDS is in the RFP process and for most part remains as a concept. Its fruition will depend upon significant planning, preparation, specification, design and development.
  • Untested - implementing a brand new system nationwide that has not been proven in healthcare industry has inherent risk for its success.
  • The method requires the development of an implementation plan and creation of necessary operating procedures.

HL& Master Patient Index Mediator:

  • Not a Unique Patient Identifier and does not meet the ASTM conceptual characteristics of UHID.(meets only 3 of the 30 requirements).
  • Does not meet the five Unique Patient Identifier's operational characteristics.
  • Does not meet any of the Unique Patient Identifier Components' requirements.
  • Does not meet most of the Unique Patient Identifier's basic functional requirements. The focus is mainly on cross-referencing existing internal and external identifiers
  • The search will be limited to participating locations.
  • Does not perform search for sites of care/record locations.
  • Requires:

  • a) Prior knowledge of record location and sufficient identification information. The more the availability of patient identification information, the greater the success.
    b) Provider organization's participation in the HL7 Mediation and authorization for searching for the patient, patient identifier and patient information by another computer system.
    c) Adequate security arrangements for searching and exchanging patient information.
    d) Development and implementation of powerful and reliable searching and matching algorithms.
  • The probabilistic matching utilized by software approaches does not assure 100% result. Discrepancies may require human intervention for resolution
  • Currently, the HL7 Mediation is in the preliminary stage and its fruition depends on significant planning, specification, design and development.
  • The method requires development of an implementation plan and creation of necessary operating procedures, etc.

B. IDENTIFIER – Identification System Based on Existing Medical Record Numbers with a Practitioner Prefix  

DECRIPTION  Notice of Intent

  • Proposal was listed in the ANSI HISB inventory.
  • Calls for practitioner prefix to be added to the medical record number.
  • The medical record is unique only within the provider organization.
  • The two-position practitioner prefix would indicate a practitioner that maintains medical records on the individual.
  • The individual would designate one practitioner that would have primary responsibility for linking and updating the information in the individual medical record.
  • Has not been piloted and no cost estimates are available.

NCVHS Document

  • Proposal by Peter Weagaman of the Medical Record Institute.
  • No mandate for a Unique Patient Identifier.
  • No change to the current practice of patient identification.
  • A recommended DHHS mandate to the primary care physician to be the curator for linking and updating of patient information from multiple treatment locations.
  • Use of technology for linking and updating information from multiple locations without a Unique Patient Identifier.

POSITIVE ASPECTS/STRENGTHS  

Notice of Intent Proposal – Positive Aspects 

  • This candidate would not require implementation of a unique health identifier and its related infrastructure. Existing numbering systems would continue to be used.
  • A central trusted authority would not be needed.
  • Implementation costs would be low.
  • The addition of the practitioner prefix would minimize situations in which the same medical record number is used for different individuals within an institution.
  • Some privacy fears would be addressed, since the patient would be able to control whether past medical records could be found.

NCVHS Document Proposal – Strengths

  • Fully meets 17 of the 30 ASTM conceptual characteristics and partly meets 1.
  • Uses existing identifier as part of the solution.
  • Relatively easy to implement.
  • Low cost of implementation.
  • Does not require a Central Trusted Authority.
  • Eliminates the effort, time and investment that will be required for developing and implementing a new identifier.

NEGATIVE ASPECTS/WEAKNESSES   Notice of Intent Proposal – Negative Aspects

  • The medical record number with practitioner prefix would be unique to an individual only within an institution, for example, a hospital or a managed care organization.
  • The medical record number with practitioner prefix would not be permanent; it would change when the practitioner changed.
  • The medical record number with practitioner prefix would not permit the linkage of records from different institutions for valid administratively or clinically necessary applications.
  • The proposal would require the practitioner designated by an individual to take on the role of updating information in the individual’s medical record and linking it to the individual’s other sites of care.

NCVHS Document Proposal – Weaknesses

  • The Medical Record Number with a provider prefix is not a Unique Patient Identifier. Patient's ID will change when they change the primary care physician.
  • Does not meet two of the five operational characteristics and a third is not adequately addressed.
  • Only partially meets four of the six Unique Patient Identifier components' requirements and a fifth is not addressed.
  • Only partially fulfills the basic functions of the Unique Patient Identifier.
  • The existing medical record numbers have not been able to support exchange of information across institutional boundaries. System vendors are required to develop enterprise-wide MPI and cross indexes to link information from different institutions for the same patient which in turn led the industry in search for a Unique Patient Identifier.
  • Sophisticated computer tools and software have to be developed and introduced to address the exchange of information from multiple institutions with multiple identifiers for the same patient. This task has been an unfulfilled challenge for the industry.
  • Adequate protection must be provided to assure accurate matching and secure transmission of patient information.
  • Primary Care Physician's role has to be modified to include keeping track of the sites of care for individual patients.
  • The tracking of a patient's other sites of care or record locations depends on the ability of the patient's primary care physician.
  • A change in the choice of the Primary Care Physician by the patient or a change in the practice or affiliation by the Primary Care Physician can cause delay and difficulty in accessing information.

C.. IDENTIFIER – San Francisco Family Health Organization’s (FHOPs) Core Data Elements-Based Patient Identification  

DESCRIPTION   NCVHS Document

  • FHOP has opted for data standardization and unique client identification instead of establishing a unique client ID.
  • FHOPs identifying data elements consist of two sets – Core Data Elements (birth name, birth date, birth place, mother’s first name, and gender) and Confirmatory Data Elements (Social Security Number, other client number, father’s name, mother’s maiden name, current name, county of client’s residence, and zip of client’s residence).
  • Uses object oriented software technology and a method known as blocking technique.
  • The blocking technique is used to determine the relative weighting order an alphanumeric string value is derived, which can be used as a Common Patient Identifier.
  • The Common Patient Identifier value can be destroyed after linkage, serving as a virtual identifier.

POSITIVE ASPECTS/STRENGTHS   NCVHS Document – Strengths

  • Uses a common set of data elements from which an alphanumeric value can be derived to serve as a Patient Identifier or a Temporary/Virtual Identifier.
  • Uses a set of data elements that patients are familiar with.
  • Eliminates the effort, time and investment that will be required for developing and implementing a new identifier.

NEGATIVE ASPECTS/WEAKNESSES  

NCVHS Document – Weaknesses 

  • Not a Unique Patient Identifier and does not meet ASTM requirements (meets only 8 of the 30 requirements).
  • Does not meet three (3) of the five (5) Unique Patient Identifier's operational characteristics and only partially meets the remaining two (2).
  • Does not meet four (4) of the six Unique Patient Identifier Component requirements and only partially meets the remaining two (2).
  • Only partially fulfills the Unique Patient Identifier's basic functional requirements.
  • Does not replace existing identifiers, but is used in addition to existing identifier.
  • Use of Common Core Data Elements in combination with seven additional Confirmatory Data Elements for identification, verification, registration and patient care communication and other day-today activities may become

  • complex, time consuming and burdensome.
  • FHOP approach uses patient data and therefore, not content free.
  • The use of patient's personal information for identification instead of a content free identifier has inherent risk for violation of privacy.
  • Searching and accurately matching 5 to 12 data elements instead of a single identifier present complexity even with computer.
  • The alphanumeric value derived for use as a Common Patient Identifier or a temporary Virtual Identifier requires the use of weighting and probabilistic matching algorithms which are too complex for manual use.
  • The approach relies on patient's accurate supply of Data Elements every time.
  • Inconsistent spellings, mispronunciation and typographical errors may alter the value of both the Common Patient Identifier and Virtual Identifier values.
  • Pilot projects by FHOP were designed to identify, link and eliminate duplicate records from databases. The method's applicability to perform all of the basic functions of a Unique Patient Identifier has not been established.
  • Nation-wide use which includes accessing independent organizations and searching, matching and exchanging information has not been included in the proposal.
  • Nation-wide application requires:

  • a) prior knowledge of record location and sufficient identification information;
    b) provider organization's participation in the FHOP's Core Data Element-based Patient Identification process and authorization for searching for the patient, patient identifier and patient information by another computer system;
    c) adequate security arrangements for searching and exchanging patient information; and
    d) development and implementation of a powerful and reliable searching and matching algorithms.

IV. HYBRID PROPOSALS

A. IDENTIFIER – The UHID/SSA Proposal  

DESCRIPTION  

  • Identifier based on properties of the Sample, UHID as described in the ASTM’s Standard Guide, with the SSA as the trusted authority for assignment and maintenance.
  • Would consist of four parts: (a) a sequential number that identifies an individual uniquely, (b) a delimiter, (c) one or more check digits, and (d) an encryption scheme identifier to allow for extra protection of a patient’s identity in sensitive situations.
  • Does not specify lengths of each component of identifier.
  • People who do not have an SSN would be issued UHIDs as they generate their first encounter with the health system.
  • UHID would maintain the database linking the SSN with the health identifier for its internal verification process, but other unauthorized users would be prohibited from linking the two numbers.

POSITIVE ASPECTS/STRENGTHS  

  • The UHID/SSA proposal meets the requirement of HIPAA for a standard, unique health identifier for each individual.
  • Designating the SSA as the responsible authority for assigning the health care identifier builds on the present infrastructure for issuing SSNs.
  • The proposal builds on the improvements needed to validate SSNs in use.
  • It incorporates check digit and encryption capabilities.
  • It would restrict the identifier to health care uses that can be protected with legislation or regulation.

NEGATIVE ASPECTS/WEAKNESSES  

  • The cost to the industry to modify its systems and add another, longer identifier would be significant.
  • The re-verification component of this proposal would be very costly to implement, according to the SSA’s figures. If funding for the SSA to accomplish the re-verification is not forthcoming, an important feature of this proposal would become prohibitively expensive.

B. IDENTIFIER – Veterans Health Administration Hybrid Model  

DESCRIPTION  

  • Currently being pilot tested.
  • Based on an implementation by the VHA.
  • Method involves the use of a master patient index system that identifies patients using VHA services based on several identifying properties, including SSN, and the assignment of a unique identifier that is based on the ASTM Sample UHID.
  • VHA terms this unique identifer an Integration Control Number (ICN).
  • When a person does not have an ICN goes in for care, the central system assigns a temporary ICN.
  • If person is later identified and has an ICN, the temporary ICN becomes an alias to the principal ICN.

POSITIVE ASPECTS/STRENGTHS  

  • Use of the ICN corrects for deficiencies in use of the SSN as an identifier. The SSN serves as one item in the identification index, but is not the sole identifier.
  • The ICN is used only for health care. Linkages for other purposes that might compromise patient privacy could be prohibited by legislation or regulation.

NEGATIVE ASPECTS/WEAKNESSES 

  • Some of the negatives of the UHID/SSA proposal, such as length and cost to implement, carry over to this system due to their similarities.
  • While this system would provide a method for records to be readily linked to other systems' records through proper channels, it would not be cost effective to implement on a national scale if an entirely new agency had to be created to provide governance.

V. CRYPTOGRAPHY METHODS THAT ARE NOT IDENTIFIERS

A. IDENTIFIER – Cryptography Methods

DESCRIPTION  

  • Keeps data secret, primarily through the use of mathematical or logical functions that transform intelligible data into seemingly unintelligible data and back again.
  • Not actually an identifier but a means of protecting identifiers through the application of encryption technology.
  • Two-key system data is encoded with one key and decoded with another key.

POSITIVE ASPECTS/STRENGTHS  Notice of Intent – Positive Aspects

  • Public/private key management schemes are now proven technology and could be used as part of any unique health identifier for individuals implementation scheme that is adopted.

NCVHS Document – Strengths

  • The Cryptography-based Unique Patient Identifier meets most of ASTM criteria (of the 30 requirements, fully meets 22 and partly meets 1),.
  • It is a new choice and can be designed to exclude known defects or limitations.
  • It provides an opportunity to develop the required specifications and design a system to meet the industry's need and take advantage of current technology.
  • It avoids crossover problems from an existing system that need to be fixed or those that cannot be fixed retrospectively.
  • The financial industry has a demonstrated success with the Cryptography Method for secure Electronic transactions.
  • The experience, know-how and the capability to develop and implement such a system is already available.

  •  
    NEGATIVE ASPECTS/WEAKNESSES

Notice of Intent – Negative Aspects

  • The infrastructure necessary to distribute and support the keys to everyone in the population would be prohibitively expensive to implement in the 2-year time frame allowed by the law.
  • The educational and cultural challenges associated with training all adults in the use and control of encryption keys would be significant.
  • This scheme the private does not address the need to identify records when the patient is not present or is not able to provide key.

NCVHS Document – Weaknesses

  • The Cryptography-based Patient Identifier currently does not meet four of the five operational characteristics.
  • It does not meet three of six identifier components requirements and two more are not addressed adequately.
  • The method does not yield a Unique Patient Identifier. Patients will have multiple IDs each generated by the public key of the provider.
  • According to Dr. Szolovits, automation and application of computers by the healthcare industry must be universal for this method to become a viable patient identifier.
  • The Cryptography Method is at a conceptual level. It requires specifications, design, development, testing and deployment that are yet to be organized.
  • Untested - implementing a brand new system nationwide, that has not yet been proven has inherent risk for its success.
  • The required technology infrastructure and administrative structures need to be established.
  • The method requires creation of a Central Trusted Authority, development of its organizational structure, operating procedures, definition of its authority and an implementation plan.
  • Developing and implementing a new system without the above weaknesses will require a huge investment of resources, substantial effort and time.

Back to the top

REQUEST 
Case studies that document the positive use of Identifiers by operating health care entities are sought. Those case studies will:

1. Contribute to the understanding by the JHITA membership of the benefits of using a universal patient identifier, and

2. Support a determination of whether JHITA could play a positive role in fostering such an Identifier.

Please contact Brian Thiel or Kelli Short if you are able to provide a case study (bthiel@pmainc.net or kshort@pmainc.net). You will be provided a standardized format for the case study.

TABLE OF CONTENTS


HIPAA
Home

06/23/99

Admin Simplification

CPRI

Consumer
Bill of Rights

Code Sets

DISA X12N


FAQ 1
FAQ 2
FAQ 3
FAQ 4
FAQ 5
FAQ 6
FAQ 7
FAQ 8
FAQ 9
FAQ 10
FAQ 11
FAQ 12
FAQ 13
FAQ 14
FAQ 15
FAQ 16
FAQ 17
FAQ 18
FAQ 19
FAQ's

History

HISB Intro.
HISB Codes
HISB UID
IHCLME
CPR
E31
DICOM
MIB
NCPDP
NSF
UB92
148
270
271
275
276
278
811
820
834
835
837

JHITA Report 02/01/1999
JHITA Overview

Links
Milestones
NPI
Overview
Privacy Milestones
Public Law 104191

UPI_1
UPI_2
UPI_3
UPI_4
UPI_5
UPI_6
UPI_7
UPI_7-1
UPI_7-2
UPI_7-3
UPI_7-4
UPI_7-5
UPI_7-6
UPI_7-7
UPI_7-8
UPI_7-9
UPI_7-10
UPI_7-11