eCommerce
Search our
entire site
Enter your search
terms below, or visit
our search
page
Search
case
studies only
Enter your search
terms below:
For
the table
of contents and
hyperlinks to
general topics
proceed to toc
Part Nine: Result of the Analysis
The outcome of this analysis is summarized in five (5) parts:
1) General Findings relating to Unique Patient Identifier requirements, functions, characteristics, components and capabilities
2) Compliance with Unique Patient Identifier Requirements including ASTM Conceptual Characteristics, Operational Characteristics and Components Requirements and Basic Functions
3) Compliance Summary
4) Compliance Matrix for ASTM Conceptual Characteristics
5) Compliance Matrix for Operational Characteristics, Components Requirements Basic Functions.
1) General Findings
GF1. Patient Identifier is an integral part of patient care
Positive identification of the patient is required for the delivery of care. Healthcare organizations perform this function with the use of a Patient Identifier. Reliable Patient Identifiers are mandatory for sensitive procedures, such as blood transfusion, invasive testing, surgical procedures and medication administration. They are routinely used for 1) ordering and reporting the results of tests, procedures and medications, 2) coordinating the multi-disciplinary patient care delivery processes and 3) managing all administrative functions, such as scheduling, billing and coordination of benefit. Therefore, Patient Identifiers are an integral part of the process of delivery of care.
GF2. Patient Identifier is an Integral Part of Patient Information
A Patient Identifier accurately and uniquely identifies the patient and his/her medical information. Clinical documentation including results, observations, diagnosis, procedures, medication, progress, outcomes, etc. is based on the Patient Identifier. It is vital for the management of automated information and manual medical record functions including compilation, filing, storage, retrieval and communication. Patient Identifier is mandated by regulatory authorities as a component of the medical record. Therefore, it is an integral part of the patient care information.
GF3. The Need for a Unique Patient Identifier is Urgent and Essential
The industry is currently using patient identifiers for day to day patient care functions. The continuum of care across multiple providers, access to information from multiple care settings that are necessary during the delivery of care and the retrieval and assembly of relevant patient care information from past episodes of care across different times require the use of a Unique Patient Identifier. Unique Patient Identifiers are required to facilitate the aggregation of population-based health information for research and development purposes. The identifiers used currently are not unique across the national healthcare system. Therefore, they present problems in 1) accessing or integrating information from different providers and their computer systems, 2) aggregating and providing a lifelong view of a patient's information and 3) supporting population-based research and development. Making the Patient Identifier unique across the nation brings significant improvements to the entire industry. The need for a Unique Patient Identifier is vital and therefore, not a debatable issue.
GF4. Industry pursues an aggressive solution for a Unique Patient Identifier
Recent advancements in computer and communication technologies have opened up new opportunities for interoperability among geographically distributed healthcare organizations. These new opportunities have the potential to facilitate the integration of patient care information from multiple providers and different times to form a lifelong record of a patient. They can provide communication capabilities to enable online and realtime consultations, coordination of care, telemedicine/remote care, etc. Unique Patient Identifier plays an indispensable role as the interoperability key in turning these possibilities into reality. The response from the industry to meet this important need is impressive. It has come up with a total of 12 new proposals for the Unique Patient Identifier. The proponents include provider organizations, healthcare professionals from different disciplines, software developers, standards developing organizations, information technology professionals, industry consortium and professional organizations.
GF5. The Privacy, Confidentiality & Security of Patient Information Do Not Preclude the Use of Unique Patient Identifier
The privacy and confidentiality of patient care information is a difficult challenge facing the entire healthcare industry and cannot be ignored. In order to fully and effectively address the privacy requirements, the following additional steps must be taken at national, organizational and individual levels:
1. Federal Privacy, Confidentiality and Security Legislation relating to healthcare information including the use of Patient Identifiers (national level)
2. Appropriate organizational policies and procedures to protect patient care information maintained by organizations (organizational level)
3. Appropriate access control to prevent unauthorized access including software access security, physical access security, encryption protection such as encrypting the identifier itself and authentication mechanism to ensure legitimate access (organizational level)
4. Audit trails for tracking inappropriate access and preventive steps against possible misuse (organizational level)
5. The above protective measures must be evaluated on an ongoing basis and improved continuously (organizational level)
6. Public education on the importance of privacy & confidentiality and user training to enforce patient's privacy and confidentiality (individual level).
The critical need of the industry such as the Unique Patient Identifier cannot be sacrificed due to the failure to adequately address the necessary privacy safeguard and subject the patient care to unnecessary risks. A Unique Patient Identifier is an integral part of the patient care information. Therefore, it requires the same confidentiality and security protection as the patient care information itself. The privacy, confidentiality and security requirements do not preclude the use of a Unique Patient Identifier. In fact, the Unique Patient Identifier can help meet these requirements by standardizing and strengthening access control and eliminating the repeated use of personal identification information.
GF6. A Judicious Design of the Unique Patient Identifier Can Fulfill the Patient Care Need and Protect the Privacy and Confidentiality of Patient Information.
Unique Patient Identifier requires a design architecture that will keep the identification of patient care information and its access as two distinct and separate functions within healthcare. The identifier's role is limited merely to identify the patient record by accessing only the identification segment of patient record and not its content. Access control deals with the authentication of the user (e.g. validation of user ID and password), verification of access privileges, audit trails, physical security, etc. This will enable the identification function and security access to complement and support each other by performing exclusively their own distinct roles rather than assuming each other's. This architecture consists of the following design approaches:
1. Separate identification from
access
2. Limit the Identifier's capability and use it for
identification alone (not to provide access to the
content of the patient information)
3. Design the Identifier to be unique
4. Utilize a standard/uniform set of identification
information
5. Design Access Control to include
a) authentication
b) access privilege
c) audit trails
d) separate access to ID segment and patient care information
6. Provide the option to store
Unique Patient Identifier in an encrypted format
7. Support the option to communicate it in an encrypted
format.
GF7. Effective Ongoing Organizational Measures are required to Support Patient Identification and Confidentiality
The judicious design discussed above must be supplemented by appropriate ongoing organizational measures to protect the patient care information. A failsafe access control mechanism including software security, physical access security, encryption protection and an authentication mechanism must be in place to prevent unauthorized access and ensure legitimate access. The security measures include audit trails for tracking inappropriate access and preventive steps against possible misuse. They must be evaluated on an ongoing basis and improved continuously.
GF8 Uniform Federal/State Legislation is Required to Protect the Privacy and Confidentiality of Healthcare Information
In order to ensure the privacy and confidentiality of patient care information beyond organizational boundaries, uniform federal and state privacy and confidentiality legislation is required. Such legislation must protect the Unique Patient Identifier from misuse, prevent unauthorized access to patient care information, illegal linkages and discrimination based on patient care information.
GF9. Individual Responsibility Must be Instilled Through Education
Protection of patient care information is also the responsibility of individuals that handle them. Therefore, individual responsibility for the privacy and confidentiality of patient information must be instilled through staff and user training, education and reinforcement among the users and consumers. Public education of the value of privacy and confidentiality of healthcare information and the legal consequences of violation must be provided nation-wide.
GF10. Unique Patient Identifier Requires an Issuing Authority
The issue and maintenance of the Unique Patient Identifier, the identification information and their use need to be handled either under a centralized or decentralized administration. The ASTM Standards Guide requires a Central Trusted Authority for this purpose. Example of available options are Social Security Administration and the United States Postal Service. The LHSTR Number proposal recommends the creation of a United States Vital Health Records Trust for this purpose.
GF11. Unique Patient Identifier Prevents Exposure and Protects Patient's Privacy
A Unique Patient Identifier eliminates repetitive use and disclosure of an individual's personal identification information (i.e. name, age, sex, race, marital status, place of residence, etc.) for routine internal and external communications (e.g. orders, results, medication, consultation, etc.) and protects the privacy of the individual. It helps preserve the patient anonymity while facilitating communication and information sharing.
GF12. Unique Patient Identifiers Help Standardize the Method of Accessing Patient Care Information
The use of a Unique Patient Identifier to access patient care information helps standardize the access method and enables organizations to use a single point of access. The direct use of the patient demographic information for the purpose of identification will increase the level of exposure and subject the patient to unnecessary privacy risks. The use of non-standard access methods instead of the Unique Patient Identifier method will be difficult to control and monitor. Therefore, it will increase the potential for the violation of privacy and confidentiality of patient information.
GF13. Unique Patient Identifier Strengthens Access Control to Protect the Privacy, Confidentiality and Security of Health Information
The single point of access and the standard access method enable organizations to plan and implement the necessary access control. They can monitor the access and continuously improve and strengthen the access control with appropriate measures. A valid Unique Patient Identifier provides both the necessary focused control as well as timely and reliable access. Accessing through a single Unique Patient Identifier also:
I. facilitates focusing on a single access point for the purposes of verifying access privileges, tracking violators, keeping audit trails and preventing unauthorized access.
ii. facilitates an individual's identification information and health information to be kept separate to ensure accurate identification of the individual without allowing access to the individual's health information.
iii. permits use of additional authentication elements such as a valid user ID, pass word, etc. to verify access privileges.
iv. enables industry to establish and follow a nation-wide standards for identification and access that can both detect the violations and facilitate preventive measures.
v. helps maintain appropriate access security for both the identification information and health information of individuals.
GF14. Multiple Identifiers Inhibit Timely Access
Use of multiple identifiers for the same patient keeps the information fragmented and isolated and makes it difficult for timely access for care by providers from other locations. It may make the unauthorized linkage difficult, but by the same token, it also hurts legitimate purposes such as timely access to information and delivery of care.
GF15. Access Security Controls the Privacy and Confidentiality, and not the Identifier
Unique Patient Identifier must accurately identify the patient information. However, access to such information must be controlled with appropriate access security including, physical security, system controls, user ID, password authentication, audit trails, etc. The role of the access security is to grant access for authorized use and prevent unauthorized use. The role of a Unique Patient Identifier is to assist the authorized use by accurately identifying the patient and his/her information.
GF16. Unique Patient Identifier is Made up of Six (6) Critical Components
Unique Patient Identifier is made up of six (6) components essential for its performance. They are:
1. Identifier (numeric,
alphanumeric, etc.) Scheme
2. Identifying Information
3. Index
4. Mechanism to hide or the tool to encrypt the
Identifier
5. Technology infrastructure including the software,
hardware and communication technologies to search,
identify, match, encrypt, etc.
6. Administrative infrastructure including the Central
Governing Authority.
These components must work together to effectively fulfill the objectives of the Unique Patient Identifier.
GF17. Identifier Components and Operational Characteristics are Critical to the Basic Functions of Unique Patient Identifier
The focus, on the choice of a Unique Patient Identifier, its content/format and assignment, alone will not address the patient identification need. It can neither protect the privacy and confidentiality of patient care information nor assure its accurate identification. These functions depend also on the maintenance of current identification information, security measures such as access security and secure communication, and appropriate technology infrastructure. The six (6) identifier components and operational characteristics provide these capabilities, and in essence give the identifier the necessary functionality.
GF18. Reliable Identification and Confidentiality Require Provider/User Organizations' Participation and Compliance
Although most of the ASTM characteristics such as assignable, accessible, identifiable, etc. deal with compliance by the Issuing Authority, healthcare information is created, maintained, accessed and used at healthcare organizations. Positive identification of individuals and access to their patient care information are required at these sites. Therefore, the major threat to the privacy of patient care information occurs at the user end where the information resides rather than at the issuing end. Appropriate control and security are therefore, required both at the point of issue of Unique Patient Identifier such as a Central Trusted Authority and the point of use, such as a provider organization. In order to assure reliable and accurate identification, the identification information must be accurate and current both at the point of issue of the identifier and the provider organizations. Compliance with ASTM conceptual characteristics by the Issuing Authority is necessary for a prompt, reliable and accurate issue of identifiers.
GF19. Check-digits and Encryption are Common to All Options
Check-digit protects against transcription errors and assures accuracy. It can be used to support any numeric identifier. Encryption ensures storage and communication in a secure format. All the Unique Patient Identifier options discussed in this report can make use of this feature. Different encryption schemes yield different encrypted identifier for the same patient. Only authorized users can decrypt the encrypted identifier. Encryption may be used when protection is needed or on a permanent basis. It may be administered either by a Cental Trusted Authority or by provider organizations themselves.
GF20. Development of Technology Infrastructure Requires Direction, Support and Coordination
Alternatives to the Unique Patient Identifier options CORBAMed, HL7 and Directory Service address a critical but only one of the identifier components, namely, the technology infrastructure/software solution. Although these are not identifier initiatives, the selection and industry-wide adoption of a Unique Patient Identifier will help their development and strengthen their capabilities. Basic functions of the Unique Patient Identifier depend on the technology infrastructure.
GF21. Critical Functions are Independent of Identifier Scheme/Value of the Identifier
Critical functions such as access control, identification information, administrative and technology infrastructure, etc. are independent of the numbering scheme or the value of the identifier (i.e. the actual choice of the Unique Patient Identifier). They are not unique or proprietary to any particular Unique Patient Identifier (numbering) scheme or value. They can be implemented with any one of the five Unique Patient Identifier options.
2) Compliance with Unique Patient Identifier Requirements
i. Compliance with ASTM
Conceptual Characteristics
a) Unique Patient Identifiers:
All Unique Patient Identifier options meet almost all of these criteria. None of these options are "based on existing standards". Sufficient information is not available to compare their "cost effectiveness". Although the ASTM Standard Guide requires the Unique Patient Identifier to be "public", it is an integral part of the patient's health information and requires the same protection as the patient care information. All six options are in general compliance with the remaining ASTM characteristics.
1. Enhanced SSN complies fully with 27 criteria and partially with 1.
2. Sample UHID complies fully with 25 criteria and partially with 1.
3. Unique Patient Identifier based on the Bank Card Method complies fully with 27 criteria.
4. The Personal Immutable Characteristics based Model UPI complies fully with 23 criteria and partially with 1.
5. The LHSTR Number complies fully with 24 criteria and partially with 2.
6. The Unique Patient Identifier based on Biometrics complies fully with 20 criteria and partially with 3.
b) Non-Unique Patient Identifiers:
The Medical Record Number and Medical Record Number with a Provider Prefix do not meet several of the ASTM criteria such as unique, secure, disidentifiable, mappable, controllable, longevity, retroactive, centrally governed and universal. The Cryptography- based Identifier is not unique and not suitable for manual use. According to its proponents it cannot be used as a patient identifier until the use of computerization is universal throughout the healthcare organizations. In general, Non Unique Patient Identifiers do not meet the ASTM criteria adequately.
c) Alternatives to Unique Patient Identifier
Of the five (5) alternatives to the Unique Patient Identifier, Manual Process was not evaluated and the remaining four were analyzed. CORBAMed PIDS, HL7 Mediation and Directory Service are not identifiers. Therefore, they do not meet any of the ASTM criteria except "networked". FHOP's Standard Data Set does not meet 21 of the 30 criteria. It meets only identifiable, mergeable, linkable, mappable, focused, deployable, unique, networked and incremental criteria.
ii. Compliance with Operational Characteristics
Enhanced SSN is the only option that meets almost all of the Operational Characteristics. Only the proposed enhancements are not operational. Except for the Social Security Number, none of the six (6) Unique Patient Identifier options or the three (3) Non Unique Patient Identifiers or the five (5) alternatives are currently used as a Unique Patient Identifier. SSN is used across the nation by VA hospitals, Medicare and the Department of Defense. Most of the new proposals are at a conceptual level and not ready for implementation. A modified UHID is being tested by three VA hospital locations in Florida as an Internal Control Number (ICN). FHOP has tested the Common Core Data Elements on three databases of varying sizes. The Directory Service is being used on a limited scale for mental health projects in the state of Georgia. CORBAMed is in the RFP process and HL7 in the planning phase.
For CORBAMed PIDS, HL7 Mediation, Cryptography-based Identifier and FHOP's Standard Data Set, the software technology needs to be developed. They are, therefore, not ready for implementation. None of the options, except SSN, has the necessary administrative and technology infrastructure in place and their timely implementation is questionable. The LHSTR Number option does not require patient participation and uses birth certificate information for its issue. This may enable faster implementation.
iii. Compliance with Components Requirements
Enhanced SSN is the only option that meets all of the components requirements. Other options address only the identifier (format) component and its characteristics, and not the remaining five components. While all the options recognize the role and importance of the six components of Unique Patient Identifier, none provides a solution consisting of all the six components. The Sample UHID's scope does not include implementation issues. Although it indicates the need for these five components, it does not address them in detail. The LHSTR Number option includes a three (3) level patient identification information and the 3rd level tracks the previous episodes of care. Encryption is included in Enhanced SSN, Sample UHID, LHSTR Number and Cryptography based ID. CORBAMed PIDS, HL7 Mediation and Directory Service focus on software and communication (technology) infrastructure. SSA has existing administrative and technology infrastructures. LHSTR Number proposal recognizes the need for an administrative infrastructure and suggests an organization such as SSA.
iv. Compliance with Basic
Functions Criteria
a) Identification of Individuals for Delivery of Care and
Administrative Functions
These activities take place during the course of active delivery of care. Care providers and administrative staff use the identifiers to interact with the patient and among themselves. Only those identifiers that are concise and manageable in size fully meet these requirements and support identification functions and communication during delivery of care. Identifiers, that are not concise are not suitable for manual use and verification in oral and written communications, consultations and interaction among care providers and care team members. The Enhanced SSN, existing Medical Record Number and Medical Record Number with Provider Prefix appear to be more suitable for these functions than lengthy identifiers such as Sample UHID, LHSTR Number, Cryptography-based Identifiers. Alternatives such as CORBAMed PIDS, HL7 Mediation and Directory Service do not meet this criteria.
b) Identification of Information
Identification of information is required for a) coordination of multi-disciplinary care process, b) medical record keeping/organization of patient information, c) lifelong health record and d) aggregation of health information. Options other than the Enhanced SSN and the Medical Record Number are only at a conceptual level. Most of them do not comply with all of the Unique Patient Identifier component requirements and operational characteristics. Some options have their concepts well developed and some are at a preliminary level. Options such as Bank Card Method, Cryptography-based identifiers, etc. need a significant amount of additional development to compare their capabilities. Their ability to support these basic functions is unknown. The Sample UHID, the LHSTR Number and Unique Patient Identifier based on Personal Immutable Properties are examples of well developed concepts. However, to support these basic functions, they must have the remaining Unique Patient Identifier Components and the required operational characteristics in place. The analysis indicates their potential for identifying information once the rest of the Unique Patient Identifier Components and Operational Characteristics are in place. The Enhanced SSN meets these basic functions criteria and SSN is currently used for these purposes. CORBAMed PIDS, HL7 Mediation and Directory Service help linkage and aggregation of health information via software searching and matching. But they do not directly support record keeping or information management. They are not identifiers but software tools for searching and matching information. The FHOP option uses its data set (containing personal identification information) every time to perform the basic functions.
c) Privacy, Confidentiality & Security
Access Security: Only Enhanced SSN addresses the access security of health information via the use of a Unique Patient Identifier. CPRI recommends organizational security measures and federal legislation for this purpose. Other options do not address this important function.
Format & Content: Although the SSN format includes the time and place of its issue, for healthcare purposes it is considered as non-identifiable and content-free. The Sample UHID, LHSTR Number and Medical Record Number are content-free. Once again CORBAMed PIDS, HL7 Mediation, Directory Service are not identifiers, but they contain the patient's personal identification information and use them for searching, matching and verification.
Encryption: Enhanced SSN, Sample UHID, LHSTR Number and Cryptography based Identifier use encryption to disidentify individuals.
d) Improve Health/Reduce Cost
SSN is currently in use and SSA provides the necessary administrative and technology infrastructure throughout the nation. The SSA is continuing to evaluate options to improve its identification system including the card and the procedure. Therefore, Enhanced SSN can be implemented in the least amount of time and expenditure. Other options such as Sample UHID require development of the remaining Unique Patient Identifier Components, technology and administrative infrastructure, implementation plan, etc. Therefore, it involves additional resources and time. The LHSTR Number option uses the existing birth certificate information to speed up the assignment of identifiers. The options at levels where their concepts are not fully developed requires the greatest amount of time and resources to implement.
3) Compliance Summary
CS1. All of the Unique Patient Identifier options (SSN, ASTM Sample UHID, LHSTR Number, Personal Immutable Characteristics based Identifier, Bank Card Method and Biometrics) are in general compliance with the ASTM Conceptual Characteristics with the exception of Biometric method which does not meet 7 of the 30 characteristics.
CS2. Non-Unique Patient Identifier options (Medical Record Number, Medical Record Number with Provider Prefix and Cryptography based Identifier) do not meet the ASTM conceptual characteristics adequately.
CS3. Alternatives to Unique Patient Identifier (CORBAMed, HL7, Directory Service, FHOP Standard Data Set and Manual Process) are significantly non- compliant with the ASTM conceptual characteristics.
CS4. Those options that did not comply with the conceptual characteristics also did not comply with the rest of the requirements including Operational Characteristics, Unique Patient Identifier Component Requirements and Basic Function Requirements.
CS5. Of the five Unique Patient Identifier options that fared well at the conceptual level, Enhanced SSN is the only option that complied with the operational characteristics and component requirements. The remaining four are not operational and they still remain as concepts. They also did not meet the ASTM criteria concise and usable.
CS6. Of these remaining four, the Sample UHID is a well developed concept followed by the LHSTR Number and Personal Immutable Character-based Identifier. Even as a concept the Bank Card Method requires a significant amount of additional development.
CS7. SSN is used by 20% of the public as a Unique Patient Identifier and the SSA is evaluating different options to enhance SSN and fix its current problems.
CS8. A modified Sample UHID is piloted by the Florida VISN as an internal control number. However, it is used in conjunction with SSN. SSN continues to be the patient identifier (embossed, bar coded and included in the magnetic stripe of their ID card) because the ICN is too long for veterans to remember and users to handle.
CS9. The MRI's proposal, Medical Record Number with Provider Prefix, directs the focus away from patient identification to information identification. It designates the Primary Care Physician as the curator to track the previous sites of care for an individual. Therefore, it seems to neglect some of the basic functions of the Unique Patient Identifier.
CS10. Alternatives to Unique Patient Identifier address only one of the components of the Unique Patient Identifier (e.g. technology infrastructure and identification information) CORBAMed, HL7 and Directory Service address the technology infrastructure/software solution and the FHOP option addresses data standardization.
CS11. Options indicate preference for organizations similar to Social Security Administration (SSA) and United States Postal Service (USPS) to address the Administrative Infrastructure component and serve as the Central Trusted Authority. However, the organizational structure, authority, policies and procedures need to be defined and the Infrastructure established. SSA appears to have the most of the processes currently in use.
4) Compliance Matrix for ASTM Conceptual Characteristics
COMPLIANCE WITH ASTM CONCEPTUAL CHARACTERISTICS |
|||||||||||||
| Requirements | SSN | UHID | BCM | CRYP | IMM | BIO | LHST | MRN | MRPR | CORB | FHOP | HL7 | DIR |
| FUNCTIONAL: | |||||||||||||
| Accessible | Y | Y | Y | Y | Y | P | Y | Y | Y | ||||
| Assignable | Y | Y | Y | Y | Y | P | Y | Y | Y | ||||
| Identifiable | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | |||
| Verifiable | Y | Y | Y | Y | Y | N | Y | Y | Y | ||||
| Mergeable | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | |||
| Splittable | Y | Y | Y | Y | Y | Y | Y | Y | Y | ||||
| LIFELONG HEALTH RECORD: | |||||||||||||
| Linkable | Y | Y | Y | Y | Y | Y | Y | P | Y | Y | Y | Y | Y |
| Mappable | Y | Y | Y | Y | Y | Y | Y | Y | Y | ||||
| CONFIDENTIALITY: | |||||||||||||
| Content-free | Y | Y | Y | N | N | N | Y | Y | N | N | N | N | N |
| Controllable | Y | Y | Y | Y | Y | Y | Y | ||||||
| Healthcare Focused | P | Y | Y | Y | Y | N | Y | Y | Y | Y | Y | Y | Y |
| Secure | Y | Y | Y | Y | Y | Y | Y | ||||||
| Disidentifiable | Y | Y | Y | Y | Y | Y | Y | ||||||
| Public | N | N | N | N | N | N | N | N | N | N | N | N | N |
| STANDARDS: | |||||||||||||
| Based on Industry Standards | N | N | N | N | N | N | N | N | N | N | |||
| Deployable | Y | Y | Y | Y | Y | Y | Y | Y | Y | P | |||
| Usable | Y | P | Y | P | P | P | P | Y | Y | P | |||
| DESIGN: | |||||||||||||
| Unique | Y | Y | Y | N | Y | Y | Y | N | N | Y | |||
| Repository based | Y | Y | Y | Y | Y | Y | Y | Y | Y | N | |||
| Atomic | Y | Y | Y | Y | N | Y | Y | Y | Y | N | |||
| Concise | Y | N | Y | N | N | N | N | Y | Y | N | |||
| Unambiguous | Y | Y | Y | N | Y | Y | P | P | P | ||||
| Permanent | Y | Y | Y | Y | Y | Y | Y | Y | Y | P | |||
| Centrally Governed | Y | Y | Y | Y | Y | Y | Y | N | N | N | |||
| Networked | Y | Y | Y | Y | Y | Y | Y | N | Y | Y | Y | Y | Y |
| Longevity | Y | Y | Y | Y | Y | Y | Y | ||||||
| Retroactive | Y | Y | Y | Y | Y | Y | Y | ||||||
| Universal | Y | Y | Y | Y | Y | Y | Y | ||||||
| Incremental | Y | Y | Y | Y | Y | Y | Y | Y | Y | ||||
| ENHANCED HEALTH STATUS: | |||||||||||||
| Cost- effectiveness | Y | U | U | U | U | N | U | N | U | U | U | U | U |
Legend:
Y = Yes
N = No
P = Partial
U = Unknown
Blank Cell = Not Applicable
5) Compliance Matrix for Operational, Components and Basic Functions Requirements
COMPLIANCE WITH OPERATIONAL, COMPONENT & FUNCTIONAL REQUIREMENTS |
|||||||||||||
| Requirements | SSN | UHID | BCM | CRYP | IMM | BIO | LHST | MRN | MRPR | CORB | FHOP | HL7 | DIR |
| Operational: | |||||||||||||
| Operational as UPI | Y | N | N | N | N | N | N | N | N | N | N | N | N |
| Existing Infrastructure | Y | N | N | N | N | N | N | N | N | N | N | N | N |
| Readiness of Technology | Y | Y | Y | N | Y | Y | Y | P | P | Y | Y | Y | Y |
| Timely Imple- mentation | Y | U | N | N | U | N | U | N | U | N | N | N | N |
| Identification Information | Y | U | U | U | U | U | Y | P | Y | N | P | N | N |
| COMPONENT: | |||||||||||||
| Identifier | Y | Y | P | N | Y | P | Y | N | N | N | N | N | N |
| Identification Information | Y | U | U | U | U | U | Y | N | P | N | P | N | N |
| Index | Y | U | N | N | U | N | Y | N | P | N | N | N | N |
| Protect/Mask | Y | Y | N | Y | N | N | Y | N | N | N | N | N | N |
| Technical Infrastructure | Y | N | N | N | N | N | N | N | P | N | N | N | N |
| Admin. Infrastructure | Y | N | N | N | P | N | P | N | P | N | N | N | N |
| BASIC FUNCTIONS: | |||||||||||||
| Identification of Individual: | |||||||||||||
| Delivery of Care | Y | P* | U | N | P* | U | P* | N | N | N | N | N | N |
| Admin. Functions | Y | P* | U | N | P* | U | P* | N | N | N | N | N | N |
| Identification of Info: | |||||||||||||
| Multi-discipl. Care | Y | P* | U | N | P* | U | P* | N | N | N | N | N | N |
| Medical Rec. Keeping | Y | P* | U | N | P* | U | P* | N | N | N | N | N | N |
| Lifelong Health Record | Y | P* | U | P | P* | U | P* | N | N | P | N | P | P |
| Aggregation of Info | Y | P* | U | U | P* | U | P* | N | N | P | N | P | P |
| PRIVACY & SECURITY: | |||||||||||||
| Access Security | Y | U | U | U | U | U | U | N | N | U | U | U | U |
| Content-free | Y | Y | Y | N | N | N | Y | Y | N | N | N | N | N |
| Protect/Mask | Y | Y | N | Y | N | N | Y | N | N | N | N | N | N |
| IMPROVE STATUS: | |||||||||||||
| Cost- effectiveness | Y | U | U | U | U | U | U | N | U | U | U | U | U |
Legend:
Y = Yes
Y = No
P = Partial
P* = Partial Contingent upon compliance with Component Requirements and
Operational Characteristics
U = Unknown
HIPAA
Home
06/23/99
Admin Simplification
CPRI
Consumer
Bill of Rights
Code Sets
DISA X12N
FAQ 1
FAQ 2
FAQ 3
FAQ 4
FAQ 5
FAQ 6
FAQ 7
FAQ 8
FAQ 9
FAQ 10
FAQ 11
FAQ 12
FAQ 13
FAQ 14
FAQ 15
FAQ 16
FAQ 17
FAQ 18
FAQ 19
FAQ's
History
HISB Intro.
HISB Codes
HISB UID
IHCLME
CPR
E31
DICOM
MIB
NCPDP
NSF
UB92
148
270
271
275
276
278
811
820
834
835
837
JHITA Report 02/01/1999
JHITA Overview
Links
Milestones
NPI
Overview
Privacy Milestones
Public Law 104191
UPI_1
UPI_2
UPI_3
UPI_4
UPI_5
UPI_6
UPI_7
UPI_7-1
UPI_7-2
UPI_7-3
UPI_7-4
UPI_7-5
UPI_7-6
UPI_7-7
UPI_7-8
UPI_7-9
UPI_7-10
UPI_7-11
UPI_7-12
UPI_7-13
UPI_8
UPI_9
UPI_10
UPI_11
UPI_12
Unique Heath Identifier - Pt. 1
Pt. 2
Pt. 3
Pt. 4
Hearing Transcript