Ted Cooper, MD
Computer-based Patient Record
Institute
Board of Directors Chairperson
National Committee on Vital and Health Statistics
Subcommittee
on Standards and Security
July 21, 1998
James R. Thompson
Center, Room 9-040
100 West Randolph Street
Chicago, IL
Hearings on the Unique Health Identifier for Individuals
I am Ted Cooper, MD, the Chairperson of the Board of Directors of the Computer-based Patient Record Institute (CPRI). The CPRI is a nonprofit membership organization committed to advancing improvements in health care quality, cost, and access through use of information technology. It serves as a neutral forum for bringing together diverse interests of health care stakeholders to develop common solutions. CPRI was established in 1992 as a result of the recommendation of an Institute of Medicine (IOM) study: The Computer-based Patient Record: An Essential Technology for Health Care (National Academy Press, 1991).
The IOM study describes the potential value for increasing quality and decreasing costs of health care with the use of a computer-based patient record. The IOM and the CPRI have identified the unique health identifier for individuals (UHII) as one of the essential elements required for effective and efficient use of computer-based patient record systems.
The concepts, value, necessity and challenges in adopting a UHII are well described in the Department of Health and Human Services’ white paper “Unique Health Identifier for Individuals”. This document also describes the CPRI position paper of 1993 and action plan of 1996 for the use of an enhanced social security number (ESSN) as the UHII.
I would like to present the CPRI’s position on the UHII.
STATEMENT OF CPRI POSITION ON UHII
The urgency attached to this issue is due to the increasing number of providers involved in an individual's care (all pursuing courses of treatment that are documented in separate records), the rising cost associated with merging patient records as health care providers integrate delivery systems, and the increasing frequency of need to exchange an individual’s health care information with different providers or provider organizations.
While the need for a unique health identifier is generally agreed upon, and various options have been debated, no breakthrough strategy for a specific solution has been advanced.
In 1993, CPRI published a position paper recommending that the social security number (SSN), with modifications in the number and the process for issuing it, be adopted immediately as a "universal patient identifier." At the same time, several other organizations, such as the Work Group on Electronic Data Interchange (WEDI), the National Association of Health Data Organizations (NAHDO), and the American Medical Informatics Association (AMIA) also supported the SSN for this purpose. More recently, several states have mandated the use of SSN for state data reporting and have required process changes to facilitate issuance of numbers.
ALTERNATIVE IDENTIFIERS
Many alternatives to the SSN have been suggested. Several organizations support creation of a new numbering system to be used as the identifier. There are many algorithms proposed to create such a number involving various pieces of demographic information about an individual. ASTM's Guide for the Properties of a Universal Healthcare Identifier outlines many of the limitations of using the current SSN and issuance policies. For example, SSNs are not issued at birth, not everyone receiving health care in the US is eligible for a SSN, some individuals have more than one SSN, and in some cases one SSN has been issued to more than one individual. A technical deficiency in the existing SSN is the lack of a check digit. Use of a check digit is an important tool to help catch transcription errors. Clearly these issues would need to be addressed in any proposal for a unique health identifier based on the SSN.
Biometric identifiers, such as retinal scans, DNA prints, and thumb prints, are generally capable of uniquely identifying the patient at the time of treatment. While cost and reliability of such systems are issues, the primary issue is availability of the biometric identifier when services are needed. It is estimated that 80 percent of the cases where access to patient specific information is required do not involve a patient's physical presence, such as transferring medical records from one physician to another for consultation and handling phone calls from the patient to the provider. Thus a biometric identifier would need to be turned into a character string – essentially becoming an alternative number.
Proponents of a new number point out that it would be linked only to health records and associated databases. Any identifier has as its key attribute the ability to link information. With appropriate security procedures and legislation that provides sanctions for breaches of confidentiality, the SSN can be used in as secure a manner as any other identifier. But because the SSN is available today, it can be implemented at lower cost than an entirely new system. In addition, most providers currently record the SSN of their patients, so it is available as part of many existing systems thereby reducing the implementation costs to providers.
In light of concern raised by some over the adoption of the SSN as the unique health identifier, CPRI established a task force in 1994 to reevaluate the SSN in this role. This task force devoted significant effort evaluating different identification schemes and concluded that with modifications to the SSN and important changes to the process of issuing SSNs, a unique health identifier based on the SSN is the most feasible option.
CONSIDERATIONS FOR ADOPTING THE SSN
To ensure both acceptance and functionality of a modified SSN as the unique health identifier, several considerations related to implementation and performance must be addressed. These include issues of confidentiality and security, procedures for issuing unique health identifiers by a "trusted authority," the requirement of uniqueness, cost of implementation, and the need to educate the public on the role of the unique health identifier.
Confidentiality and Security
A unique health identifier is essential to implementing a computer-based patient record. Using a unique health identifier to link patient data, however, must be accompanied by enforceable policies that protect the confidentiality of identifiable patient data. Confidentiality and security are largely policy issues, enforcement of which may be accomplished using technology tools and functions. The CPRI has consistently held that establishing guidelines enforceable by law for maintaining strict confidentiality of patient records is crucial to implementing the computer-based patient record.
A primary concern for the use of SSN is the potential for using it to link other non-health care data. Any numbering system, however, may be used to link other data. Preventing unlawful linkage lies not in the number itself, but in privacy protection law, anti-discrimination law, and use of system security features that prevent unauthorized access to confidential data. There must be explicit constraints regarding linking of health data, and appropriate penalties for breach of confidentiality and discriminatory practices. Encryption, secure networks, and other such technology provide means of securing the data itself.
Trusted Authority
Equally important in the confidentiality and security issue is the identity and the responsibilities of the trusted authority that administers a unique health identifier system. Establishing a trusted authority is a choice between creating a new organization or incorporating the function into the charter of an existing organization. Any such organization will necessarily require the public trust. As such, it must incorporate both public and private interests. The cost and time required to set up a new organization with the accompanying infrastructure would far exceed the cost of using an existing organization.
A logical choice for an existing entity is the Social Security Administration (SSA). It has over thirteen hundred offices nationwide, and is beginning to process requests for SSNs in real time. However, for the SSA to effectively administer SSNs as a unique health identifier, there must be significant changes to SSA procedures for issuing the numbers. There must be increased funding and specific tasking of the SSA to clean up existing duplication, multiple assignments, and other errors. Fortunately, these actions would benefit all users of the SSN. The SSA will ultimately face the challenge of lack of capacity if the SSN is limited to numbers only. This limitation could be handled by converting digits to alpha characters, as being proposed for the universal provider identifier. In addition, there must be legislation permitting the use of SSNs for health identification purposes. There must also be a mechanism whereby identifiers can be assigned to those without an SSN. Finally, there must be an authentication algorithm used to establish the identity and authority of the organization requesting a number.
Uniqueness
Health Data in the Information Age (Institute of Medicine, National Academy Press, 1994) delineates characteristics it believes critical to any unique health identifier, including: easy transition to the number, built in error control features, ability to identify and verify the person's identity, universal applicability which never impedes access or delivery of health care, full functionality to link events occurring at multiple providers, and minimization of opportunities for crime and abuse.
One helpful characteristic of a unique health identifier is the inclusion of a check digit. A check digit is used to determine the accuracy of the data entry process. The Verhoeff method (Error detecting decimal codes, Mathematical Centre Tract 29, 1969, The Mathematical Center, Amsterdam) detects approximately 99.8 percent of the transcription errors associated with entering a SSN. Check digit methods provide a high level of immunity from data input errors. The check digit does not have to be stored.
Cost/Benefit
Availability of the SSN makes it the most cost-effective solution. Initial estimates indicate that the overall cost of creating a new identification system would be considerably greater than adopting the SSN with a check digit and process improvements at the SSA. Many health care organizations, including the Department of Veterans Affairs, and Health Care Financing Administration (HCFA), already use the SSN in their identifiers, or at least collect it as part of patient demographics. Finally, improving SSN issuance would have a significant impact on fraud and abuse in the entire system of entitlements which relies on SSN for identification purposes.
Education
The 1993 Health Information Privacy Survey conducted for Equifax by Louis Harris and Associates showed strong support for use of the SSN as the unique health identifier. The report reads "Were such a personal ID number introduced, there is a clear preference for it being the same number as the SSN. A strong majority of leaders (72%) and the public (67%) favors using the SSN as their health care identification card." Although the results of this survey indicate a generally favorable opinion about use of the SSN as the patient identifier, CPRI recommends developing a program of public education describing the potential advantages of a unique health identifier and the measures that ensure protection of personal health data.
CPRI calls upon the National Committee on Vital and Health Statistics to immediately recommend to the Secretary of the Department of Health and Human Services (DHHS) the adoption of a unique health identifier based on the SSN.
The following steps outline a course of specific actions that are necessary to meet this objective:
The CPRI continues to endorse these recommendations.
In the spring of 1998 it was recognized that many individuals interpreted the CPRI position on using the ESSN for a UHII and the ASTM standard E1714-95 “Standard Guide for Properties of a Universal Healthcare Identifier (UHID)” as being at odds with one another. In an effort to resolve this apparent conflict, the CPRI and ASTM requested Barry Hieb, MD representing the ASTM and Solomon Appavu representing the CPRI to develop a list of the requirements for the UHII and to list them by priority. At the July 1998 CPRI Board of Directors meeting the document they produced was endorsed.
The only difference between the views of the ASTM and CPRI was for requirement ten: “Focused: - Health care identifiers should be created and maintained solely for the purpose of supporting health care. Their form, usage, and policies should not be influenced by the needs or requirements of other activities.” While the CPRI views this requirement as desirable we do not feel that it is essential. ASTM on the other hand views this as essential. There is a possibility that this difference of opinion could be overcome if the ESSN were designated as “focused” according to the above definition. In that case the ESSN would only be used for health care and not replace the SSN for non-health care uses. Certainly taking this approach would simplify the implementation process as those who are using the SSN now outside of health care would not have to expend resources to change their systems and would not necessarily have to “buy-in” to the ESSN.