[ Tuesday, October 21, 2008 ]
Medical Identity Theft and the Unique Patient Identifier:
One of the goals of HIPAA was to increase the digitization and electronification of information. If we standardize the information and computerize it, we'll drive a lot of the inherent inefficiency out of the healthcare industry. Healthcare will still be expensive, but like increases in productivity can allow the economy (i.e., GDP) to continue to grow despite rising inflation and unemployment, increases in efficiency in the health industry will lessen the expense. Standardizing transactions (and data and code sets) is part of the solution. But one of the data sets that resists standardization is the Unique Patient Identifier (UPI).
We have National Provider Identifiers (NPIs); payors have their own unique numbers. But the fear is that if you reduce a patient's identity to a single number, anyone who can access that number can potentially access the patient's PHI.
But we've got a de facto UPI: the patient's social security number. If patients used a different number than their social security number, at least the loss of PHI privacy wouldn't also be coupled with an increased risk of identity theft.
As this LA Times blog post
indicates, with the increased attention medical ID theft is getting, maybe it is time to restart the engine on forcing UPI adoption.
Downside, beside the potential privacy issue (which doesn't really change, since now getting someone's SSN is like getting their UPI, only more so) (BTW, I personally think that's just way overblown), is that now you'll have to remember another long number. Everyone knows their social security number; not that many people know their drivers license number. I have a feeling the UPI would be more like the driver's license number than the SSN.
UPDATE: The Rand Corporation seems to agree
(not to confuse, but this report is from UPI -- United Press International -- about UPIs -- unique patient identifiers).
Jeff [6:32 PM]
Blogger: HIPAA Blog - Edit your Template