In healthcare, the idea of a national patient identifier (NPI) is suddenly hot again, after nearly two decades of rejection by privacy advocates and Congress. The College of Health Information Management Executives (CHIME), which represents CIOs, has taken the lead in the initiative to devise a private-sector solution that will be acceptable to privacy proponents.
CHIME announced last March that it would offer a $1 million prize to the winner of a National Patient ID Challenge. The contest – which will be conducted in association with HeroX, an offshoot of the XPRIZE organization – is seeking participation from innovators around the world. CHIME will launch the challenge this fall and expects to award the prize before the end of 2016, according to Keith Fraidenburg, executive vice president and chief strategy officer of CHIME.
Among the healthcare associations that support CHIME's effort are the American Health Information Management Association (AHIMA), the CommonWell Health Alliance, the National Patient Safety Foundation (NPSF) and the Healthcare Financial Management Association. In addition, the Healthcare Information Management and Systems Society (HIMSS), which represents health IT professionals and technology vendors, supports the concept of an NPI.
Why NPI is controversial
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) authorized the government to introduce an NPI as a way to make medical records more portable. But privacy advocates stopped the idea in its tracks, and Congress has passed laws against it regularly since then. Even today, there isn't enough public support to prompt Congress to reverse course, although HIMSS has tried.
So the private sector is trying to devise a voluntary solution that the privacy lobby will accept and that won't require government regulation.
Proponents of an NPI solution say it is crucial to ensuring patient safety and to enabling healthcare organizations to exchange electronic patient data. "We've reached a stage in healthcare where we're striving for interoperability," Fraidenburg says. "We want to share medical information across hospitals, health systems, counties, and even statewide, because we feel it benefits the patients and the caregivers."
He adds, "An NPI won't solve interoperability, but until we have a national solution for patient matching, we'll never be able to have interoperable healthcare systems."
The current method of using demographic data (name, address, phone number, date of birth, etc.) to establish patient identities is woefully inadequate, in the view of Fraidenburg and other NPI supporters. Even enterprise master patient index (EMPI) solutions, found in some electronic health record (EHR) systems, fall short, because their probabilistic algorithms don't use enough data elements.
Moreover, a report by the Office of the National Coordinator for Health IT (ONC) found that the data attributes used for patient matching in different providers' EHRs vary, making it difficult to identify patients across organizational boundaries.
The accuracy of patient matching ranges up to 90 percent or higher for internal use in the most advanced organizations, the ONC report noted. But it drops to 50–60 percent when swapping data with other organizations. Fraidenburg agrees with the latter estimate, but says that industry matching rates average only 80% even internally. "In our opinion, 80 percent isn't good enough."
Some new approaches are being tried to increased patient matching rates; but so far, none of them has achieved great success.
For example, CommonWell Health Alliance, a coalition of EHR vendors and other stakeholders, is in the process of establishing a national network of interoperable EHRs that will allow providers to locate and access patient records across organizations and disparate EHRs. CommonWell, which supports the NPI concept, provides a central patient matching service that supplements demographic data in participants' EHRs with other strong identifiers. These include driver's license numbers and questions about where and when a patient recently received care, says Jitin Asnaani, executive director of CommonWell.
Asnaani concedes that this approach requires manual effort. But he says that it fits well into the workflow of physician offices, hospitals, pharmacies, laboratories and other care providers.
Although CommonWell is still early in its launch phase, Asnaani estimates that its patient match rates are probably in the 80–90 percent range. Moreover, he points out, CommonWell's patient identification solution uses a learning algorithm that improves as it discovers cases where it came to the wrong conclusions.
Fraidenburg is skeptical about any approach that doesn't include an NPI. "For a lot of organizations to reach an accuracy level of 80 percent – and some do better than that – your matching algorithms can only get you so far," he says. "After that, you've got to do a lot of manual processing, which is very costly. Only the biggest healthcare systems in the country have the wherewithal to do the manual matching to get you from 80 percent to 90 percent. It's very time consuming, and most hospitals and clinics don't have the resources to do that."
What will NPI look like?
CHIME doesn't know what the NPI solution that wins its contest will look like. It's still in the process of establishing guidelines for the contestants and picking judges who will represent a range of stakeholders, including privacy advocates. But Fraidenburg says that the winning approach must protect privacy and security, must support interoperability, and must be cost effective, scalable, easy to use and attractive to consumers.
The NPI need not be a number, although a number could be a part of it, he said. Any such number, he stresses, should be encrypted. And, unlike Social Security numbers, which are still used by some healthcare organizations, the NPI number should not, by itself, identify the patient. Fraidenburg favors a multi-factorial approach, such as using retinal or thumb scans in addition to the encrypted code.
Since the government is statutorily prohibited from implementing the NPI, he says, it has to be voluntary. He hopes that, by shining "a big spotlight" on the winning solution as part of the contest, CHIME will prompt healthcare organizations to use it. If government agencies –particularly the Department of Health and Human Services and the Department of Veterans Affairs – used the NPI in their own healthcare operations, "that would give us the impetus for national acceptance," he adds.
But consumers would still have to embrace the NPI, and private supporters would have to be satisfied with it, he notes.
Asnaani agrees that consumer acceptance is key to the spread of any NPI solution. Patients who use the healthcare system frequently would be most receptive to the argument that the NPI could make their records more accessible to their providers, he says.
Wouldn't providers have a hard time dealing with multiple identifiers for different patients in their practice or hospital? Asnaani doesn't think so. He points out that an EHR could be set up so that everyone had the organization's medical record numbers, but only those who accepted the NPI had that number. If the system couldn't find their NPI, it would default to the local patient identifier.
Whatever CHIME comes up with, privacy defenders are sure to fight back. Some zealous advocates have already stated that they believe an NPI will only make medical records more vulnerable to theft and misappropriation.
But Fraidenburg says that he has seen a lot of interest in the NPI recently in both Congress and government agencies. Because of the need for interoperability, he states, this is an issue whose time has come.
"We feel we've reached a critical point in our nation's transition to EHRs and digital data where we have to solve this," he observes. "We don't have three to five years for the government to dwell on this or for the private sector to develop silo'd approaches."