Surviving the Equifax Experience

Like many of you, we have been transfixed as not one but two enormous hurricanes have brought death and destruction to entire states.  Our hearts go out to all those who have been affected.  But, people are resilient and recover from a hurricane.  Roads will be cleared, power will be restored, debris will be collected, and structures will be rebuilt.

Last Friday, another category 5 event occurred that may take us much longer to recover from.  Equifax, one of the three large United States credit monitoring companies, announced that it had been hacked and that personal information of 143 million Americans has been compromised.  What makes the Equifax situation doubly ominous is that there is no clear path to restore the identity integrity of the affected individuals.  People will be given credit monitoring, some will receive new credit cards, many will monitor their finances with renewed care.  But there is no mechanism in place to restore the integrity of the millions of identities affected by this breach.

This is an unacceptable situation.  At Global Patient Identifiers Inc. (GPII) we believe that the way we manage identities in US Healthcare must change.  New capabilities that provide the ability to fully restore an individual’s identity integrity must be implemented.  This is not possible using the existing demographic data approach to identity management alone.  A radically more capable technology with robust  error recovery must be added.

GPII has over a decade of experience creating a solution to this problem specifically for healthcare.  What is required is a properly designed unique identifier that can be managed by each individual person; an identifier that addresses complex issues like data breaches and patient privacy.

How does the GPII approach to this problem differ from others:

  • The solution operates with no personally identifiable information.
  • In the event of a data breach, the solution can completely restore an individual’s identity integrity going forward in the same way the financial industry does today with a compromised credit card.
  • Patients can use the solution to manage the privacy of their information according to their unique needs.
  • The solution can be added to a healthcare organization’s IT environment with little or no change to existing systems.
  • The solution is at least an order of magnitude less expensive than other approaches.
  • The solution can benefit from evolving technologies such as biometrics and mobile devices to provide more options for the patient and the provider.
  • GPII is a not-for-profit organization that is dedicated to solving this problem in a manner acceptable to all healthcare constituents.

We welcome critical analysis aimed at exploring whether this solution could lead to a qualitative improvement in identity management across United States healthcare.  Data breaches will continue.  We must be able to respond more effectively.

Please direct questions and comments to bhieb@vuhid.org.

Rob Macmillan, CEO

Barry Hieb, Chief Scientist

Global Patient Identifiers, Inc.

www.gpii.info

 

Advertisements

National Patient ID – All Talk, No Action. Why??

We have been talking about a national patient identifier in the USA for decades.  And well-respected organizations like Rand, ASTM, Sequoia, ONC, and many others have studied the patient matching problem, issuing a series of reports that confirm what we all know — there are serious problems associated with mismatching including unnecessary testing, medication errors, and even death; negatively impacting quality, efficiency, and patient/clinician satisfaction across the entire healthcare system.

We all agree…but few are willing to actively pursue a solution.  Why?

  • It is complicated and any proposed fix is costly. Virtually all healthcare organizations have multiple IT systems and dozens of them may be involved in the care of any one patient, including billing.  Getting all vendors to support a single approach and then upgrading these systems is a massive effort.  So, it’s easier to put an “enterprise patient matching index” (EMPI) on top of them to match patients using personally-identifiable information (PII) such as name, address, birthdate, etc.
  • EMPIs fail about 8-10% of the time. Multiple studies have shown that patient matching is fraught with difficulties.  Different spellings of names, changes of address, changes of gender, and the fact that matching is often done under time pressure to get the patient moved to where they can get care – all of these contribute to matching failures.
  • Interoperability makes things worse. Despite federal initiatives to increase data sharing among healthcare organizations, these providers generally do not share patient identifiers and, therefore, must rely solely on matching PII to ensure that patient records from different organizations belong to the same individual.  In these cases, the identification error rate can skyrocket to 40% or even more.  And with increasing pressure to “interoperate”, these errors will only increase if we don’t solve the patient ID problem.
  • More data for matching leads to more problems. A classic response is that “maybe we just need more data.”  The assembly of massive databases of PII – while they can lead to some reduction in patient mis-identification incidents – raise enormous problems in terms of privacy, manageability, maintaining proper updates, and cost.  Identity theft and massive data breaches are just two of the complications that result.

This first in a series of GPII blog posts is published in hopes of drawing attention to the possibilities for a real solution to the patient ID problem.  We need a solution that can protect existing health IT investments; take synergistic advantage of both legacy technologies and emerging ones (e.g., biometrics); avoid large data bases and security risks; support patient empowerment and privacy; be implemented at a reasonable cost; and ensure providers and their patients that the information they’re using to make important healthcare decisions is the right information.  Watch this space!  And go to www.gpii.info for a more in depth discussion of patient identification issues.