[ Friday, May 26, 2006 ]


Unique Patient Identifier: A while back, I posted on one possible reason why it's a big mistake to not push for the establishment of a system of unique identifiers for each patient who ever enters the healthcare system. You know the advantages: all your records in one place, easy to find, no worries that your information won't be where you need it when you need it, no confusion that you are someone else, and the final link in digitizing all of the participants in the healthcare stream of commerce. You also know the disadvantages: concerns about privacy, about someone posing as someone else to get their information, concerns about possible data mining of the consolidated information for commercial or nefarious purposes, such as denying insurance to people because their medical records indicate a tendency toward disease, etc. Add to that the (perhaps paranoid) natural suspicions of Americans for whom a "national identity card" is the equivalent of the "papers" that Germans had to carry in WWII movies. This hurdle, the privacy red flag that blinds the conspiracy theorists, has been very high, and there's nobody motivated enough on the other side to have enough momentum to try to jump it.

I've indicated that, personally, I think having a UPI would be useful for a single powerful reason: there already is a common UPI for healthcare patients, and that's their social security number. 99 percent of the population already uses their social security number as their patient identifier. For those who say it's unAmerican to have a national ID card, I say the horse has already left the barn: we don't usually show our Social Security Cards to prove our identity, but we certainly do disclose our Social Security Numbers to do so.

That number is the key to your financial information, and the key for someone who wants to steal your identity for financial fraud. And really, there aren't too many people who want to steal your identity for the purpose of having your medical records appear as their own. Sure, there are instances where someone wants to steal your healthcare-specific identity to allow them to get healthcare, but that's a very small risk compared to the risk that someone would want to steal your identity to commit financial fraud.

But what if your financial identity was separated from your healthcare identity? Wouldn't that make you less hostile to the possibility that someone might get hold of your ID number? Also, if someone who hacked into your healthcare records only got your UPI and not your SSN, it would be a lot less useful to them, which would make your healthcare records a lot less of a juicy target for a data thief. Sure, I know, there are still valuable nuggets in your healthcare information, at least for the right person viewing them. But the target value would go down pretty dramatically.

Anyway, why am I rehashing? Because there's a great article on the possible rebirth of at least the debate over implementing a UPI system in this week's Modern Healthcare (subscription may be required). It's pretty easy to see the divide between the commercialists and informaticists on the one side and the privacy Nazis on the other side (note: I'm not calling them Nazis in a Godwin's Law fashion that they're really fascists -- they're the opposite -- but in a "Soup Nazi" fashion). For example, Joy Pritts of Georgetown says that a UPI "is not necessarily a horrible idea if it's done right. . . ." Actually, it's a fabulous idea if done right; the question is if it's necessarily a horrible idea if it's done not-so-right. And I don't think it is. I think it's a worthwhile endeavor even if it has a few hiccups. It will still make medical records a poor source of data for identity theft, which is a pretty good idea.

Jeff [2:23 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template