The health IT world is stumping for a unique patient identifier for every U.S. citizen following signs from Congress that it's open to the idea.
UPIs are distinct numbers, codes or data comparable to a Social Security number that differentiate one person from another. The idea of instituting one linked to patient health records is growing in popularity as a method to concretely match patients with their correct history, culling waste and avoidable medical errors.
"We want to have a unique patient ID — something that's universal. Something that works for everyone," Vik Kheterpal, a principal at CareEvolution, said Monday at the Office of the National Coordinator for Health IT's annual meeting in Washington, D.C. "But that's a tough charge to do."
According to a 2016 study by Johns Hopkins University, more than 250,000 people in the U.S. die every year from medical mistakes, some of which are attributable to physicians operating on incorrect data. Experts say the moves toward specialization and away from acute, inpatient settings for care delivery make it harder than ever for physicians to keep track of their patients, medications and pre-existing conditions.
That information is meant to be stored in an EHR. And, though the Trump administration is making strides in expanding access to health information, it won't count for anything if the information in those records is outdated or inaccurate.
It's a widespread challenge with no clear solution: Current match rates between organizations are as low as 50% or 60% accuracy, according to ONC.
The American Immunization Registry Association fields thousands of queries from physicians every day needing to know the vaccination status of their patients, according to Mary Beth Kurilo, the group's policy and planning director.
"We err on the side of conservatism when matching, but that can lead to partial records or go to human review, which is very costly and very challenging," Kurilo said on Monday's panel. "A unique patient identifier would be more efficient and cost-effective, and could also be leveraged for looking at coverage rates."
Sweeping privacy law HIPAA, passed in 1996, actually mandates HHS create a UPI for patients. But in 1998, Congress barred HHS from appropriating funds for the creation of a UPI due to privacy concerns. Language continuing the ban has been inserted into every Congressional appropriations bill for the past 21 years.
In June, the House of Representatives voted to overturn the moratorium, but the Senate left the ban intact in its year-end spending legislation for 2020 several months later.
The ban is a "misguided policy," Rep. Bill Foster, D-Ill., told a packed audience at ONC's conference Monday. "Our country seems to be the only club I know that doesn't have a list of its members."
Foster, along with Rep. Mike Kelly, R-Pa., sponsored the amendment passed by the House to stop the blanket ban on a UPI last year. And though the Senate ultimately decided to keep the ban, ONC has been tasked by Congress to detail steps the government can take to increase the efficacy of patient matching.
"We'll work through the report this year," Deputy National Coordinator for Health Information Technology Steve Posnack said Monday. "We'll have more to say in the coming future."
But UPIs have their fair share of opponents outside of Congress, too. Critics say there's already a slew of identifiers in the U.S. that could be standardized if need be in healthcare, such as a Social Security number or driver's license.
"We already have plenty of identifiers," said Blake Hall, founder and CEO of ID.me, an 8-year-old company that powers multifactor log-ins for patient authentification. "What we really need are passwords."
Even proponents agree there are major implementation challenges with rolling out a UPI, noting it's not an end-to-end solution, but should be built on top of other demographic data points to help create a holistic dataset for a patient. Additionally, it will be difficult to protect a UPI from fraud or other privacy concerns, and any program would have to be rigorously enforced by one trusted central authority (in this case, most likely the government) to make sure no populations are overlooked and all organizations accept it as a valid form of identity.
"We know unique identifiers would certainly be useful, but they're not a panacea," said Ben Moscovitch, health IT program director at Pew Charitable Trusts.
The debate is likely to continue, but take a back seat to hot button healthcare issues like "Medicare for All" or a fix to exorbitant surprise out-of-network bills. But sans a legislative shift, CMS could take some small steps to better leverage the demographic data already in use for patient matching today, like standardizing addresses to the United States Postal Service format, according to Pew research.
Yet the most stringent skeptics maintain there is no single solution to the problem of patient matching — and if one is found, it's unlikely to come from the federal government.
"Federated identity, at least in healthcare, has not worked at all," said Adrian Gropper, CTO at Patient Privacy Rights. "So the failure of federated identity is a starting point for where we have to go from here."