As the U.S. invests billions of dollars to convert from paper-based
medical records to electronic ones, has the time come to offer everyone a
unique health-care identification number?
Proponents say universal patient
identifiers, or UPIs, deserve a serious look because they are the most
efficient way to connect patients to their medical data. They say UPIs
not only facilitate information sharing among doctors and guard against
needless medical errors, but may also offer a safety advantage in that
health records would never again need to be stored alongside financial
data like Social Security numbers. UPIs, they say, would both improve
care and lower costs.
Privacy
activists aren't buying it. They say that information from medical
records already is routinely collected and sold for commercial gain
without patient consent and that a health-care ID system would only
encourage more of the same. The result, they say, will be more patients
losing trust in the system and hiding things from their doctors,
resulting in a deterioration in care. They agree that it's crucial to
move medical records into the digital age. But they say it can be done
without resorting to universal health IDs.
Yes: It Means Better Care
By Michael F. Collins
The U.S. health-care industry has an identity crisis.
Lacking an easy, uniform way to identify patients and link them to
their health data, doctors, hospitals, pharmacies, insurance plans and
others throughout health care have created a sea of unrelated
patient-identity numbers that are bogging down our medical-records
system.
'An ID system 'could be the safest and most efficient way to manage health-care data.' -- MICHAEL F. COLLINS
Indeed, in an age when it's possible to
pay for a cup of coffee using a cellphone, transferring a single
patient's medical data from one health provider to another is often a
struggle, sometimes resulting in treatment delays and even needless
medical errors.
That is why, as the nation invests billions of dollars to convert
from paper-based medical records to an electronic
A UPI system, using one number that
seamlessly connects a person to all of his or her records, could be the
safest and most efficient way to manage health-care data. It would guard
against misidentification and make it much easier to pull together a
patient's records from disparate providers. Using today's best
technologies and practices, UPIs could help dramatically improve the
quality of health care, lower costs, accelerate medical discovery and
better preserve privacy.
That last point is by far the most contentious. It was privacy
advocates who stopped the move toward UPIs more than a decade ago,
leading to a ban on the use of federal funds just to study this
approach. Enough has changed that UPIs deserve another look.
Cases of Mistaken Identity
In the 2010 federal health-care law, substantial resources are
dedicated to promoting technology in medicine. We are investing billions
of dollars to convert from paper to electronic health records, and to
connect health-information hubs across the nation.
UPIs could make such systems more efficient. Currently, health-care
providers and administrators struggle daily to match patients to records
organized by disparate systems that rely on names, addresses, birth
dates and sometimes Social Security numbers. Names can be presented in
numerous formats, leading to duplicative records that cost money and
lead to errors. As our population grows, the number of people with the
same name and other similar personal data multiplies. Research cited by
RAND Corp. indicates patients are misidentified at a rate of about 7% to
more than 10% during record searches. As databases grow, the problem
will only worsen. UPIs can correct this situation.
What about data security? It is difficult—especially without being
able to study UPIs—to know what the safest approach is. Admittedly, no
IT system is immune to breaches.
That said, patients with UPIs hold a distinct and important advantage
in that their medical information is compiled and stored according to
that unique identifier, separate from financial data typically coveted
by thieves. UPIs can even be set up so that patients could choose to
have no identifying data in their record, making it completely anonymous
UPIs can be created with built-in checks against typing errors and
counterfeiting, and if a UPI is compromised, patients can "retire" it
and obtain a new one. Without a UPI, one can only regain medical privacy
by changing one's identity, not dissimilar from participation in a
witness-protection program!
Could the UPI be co-opted, the way the Social Security number has
been, and used for other things? That's something we must guard against.
By establishing a system where patients request the number through
their doctor's office, and from a third party, not the government, we
can help keep the UPI associated with medical data only.
Gaining Patients' Trust
Critics contend that UPIs will only make it easier for companies and
others to use medical data for commercial purposes. To protect against
this, they say, we need a system where physicians have to ask patients
for permission to access their information. Because there has been so
little study of UPIs, it's difficult to say whether those fears are
valid. But having patients decide which doctor gets which data is the
wrong choice. Doctors need full access to all of a patient's data, so
they can deliver the appropriate care. That is the essence of the
doctor-patient covenant. Furthermore, in critical-care situations, the
patient might be unconscious and, therefore, unable to grant access to
essential health information.
While narrowing access isn't optimal for patient care, new UPI
technology does make it possible. For example, one type of UPI could be
used for patients who want all of their physicians to have broad access
to their medical data, while another would indicate the patient must
first authorize access. Patients get to choose.
Even with all these protections, not every person will trust the
system. Studies show that many people already refuse testing and
treatment because they are worried it could be used to discriminate
against them. UPI critics say a universal health-care ID system will
only undermine trust further, but I would argue the opposite is true.
Problems related to misidentifying patients and accessing their health
information in a timely manner have eroded trust in the current low-tech
system, which is why we need a new approach. Building an efficient
records system that is more secure and offers better coordinated care
can only enhance trust between patients and providers.
Congress should lift the ban on federal funding for UPI research, and
we should better inform patients about the benefits of UPIs. No one
wants medical data to fall into the wrong hands, but neither do we want
patients to suffer because their medical information cannot be accessed.
Dr. Collins, a board-certified physician in internal
medicine, is chancellor of the University of Massachusetts Medical
School in Worcester, Mass. He can be reached at reports@wsj.com.
No: Privacy Would Suffer
By Deborah C. Peel
Doctors and patients need to find a better way to collect and share
personal medical records from the innumerable places health data are
collected and stored. But linking people to their health data via a
unique identifying number isn't the answer.
'History shows that universal IDs are always used in unintended ways.' -- DEBORAH C. PEEL
Yes, assigning everyone a universal
patient identifier, or UPI, would improve doctors' ability to share
information and make it easier for hospitals to differentiate one John
Smith from another. But a universal health ID system would empower
government and corporations to exploit the single biggest flaw in
health-care technology today: Patients can't control who sees, uses and
sells their sensitive health data.
Searching for sensitive patient information would take just one
number, not dozens of account numbers at professional offices,
hospitals, pharmacies, labs, treatment facilities, government agencies
and health plans. UPIs would make it vastly easier for government,
corporations and others to use the nation's health information for their
own gain without patients even knowing it.
What's more, any benefits associated with UPIs would be erased when
patients, knowing their doctors have no control over where health-care
data go, refuse to share sensitive information about their minds and
bodies. This is a very real issue: Without privacy, patients won't trust
doctors. In 2005, a California Healthcare Foundation survey found that
due to the lack of privacy, one in eight patients lies, omits critical
details, refuses tests or otherwise keeps sensitive health information
private. Six hundred thousand people per year avoid early diagnosis for cancer alone.
Invitation to Snoop
We are in the midst of an unprecedented data-privacy crisis. Changes
to federal regulations in 2002 eliminated patient control over who sees
personal health information and led to explosive growth in the
data-mining industry. Pharmacies, health-care IT vendors, insurers and
others routinely sell and commercialize prescription records, genetic
tests, hospital and office records, and claims data to drug companies
and any willing purchasers. Even with names and key identifiers stripped
off, it's simple to reidentify patients. Under the guise of improving
health, lowering costs or promoting innovation, even government agencies
sell and give away large databases of patient records.
Universal health-care IDs would only exacerbate such practices.
Further, UPIs would encourage the government and corporations to
build massive, centralized databases of health information, rich targets
for data theft and abuse. UPIs would become a de facto universal
identification system far more harmful than Social Security numbers,
enabling millions of government and corporate workers to snoop into
anyone's medical records.
But concerns about health IDs go much deeper. UPIs exacerbate the
commoditization of patients by encouraging the perspective that
government agencies and corporations have superior rights to decide and
control core aspects of who we are. A unique ID system is like giving
master keys to millions who work in health care—they no longer need to
ask patients to see records.
In the end, cutting out the patient will mean the erosion of patient
trust. And the less we trust the system, the more patients will put
health and life at risk to protect their privacy.
Such an obvious outcome makes a mockery of claims that UPIs would
"reduce errors" and improve "patient safety." Similarly, claims that
UPIs will be kept separate from personal and financial IDs are wishful
thinking. All health records have financial records attached. But more
important, history shows that universal IDs are always used in
unintended ways. Social Security numbers were to be used only for
payroll taxes, but morphed into universal IDs for health and commerce.
UPIs will share the same fate.
Patients in Control
If a single ID number isn't the answer, what is? The best way to
share sensitive health information is to build electronic-records
systems where patients are in control of their own medical records, not
government and industry. Health professionals should seek permission to
see personal data, but only patients should release or link it. This is
how it works with paper records systems, and there's no reason we should
be less concerned about privacy in the digital age.
Existing technologies can allow patients to set default rules to
govern data exchanges electronically, such as: "In emergencies, treating
physicians may access my entire medical record" or "Anytime I receive
health treatment, send copies to my family doctor." Consent rules can be
changed instantly online, and sensitive information can be selectively
withheld at the patient's discretion.
Unique patient IDs are unnecessary for this system. Much like using
online banking to pay bills, patients can use online health systems to
send encrypted information from medical accounts to whomever they
choose.
Decentralized systems with smaller data sets protect privacy because
if any account is broken into, only some information is compromised.
More important, they require mediation by the patient. Imagine a
universal ID system for all financial transactions where all retailers
had our IDs. Commercial transactions would be more efficient if
retailers could see and debit our accounts without consent. But it would
be unacceptable—and it should also be unacceptable for others to use
your health records without permission
I agree that we need to transform the health-IT system so health
professionals and researchers can electronically tap into complete and
accurate health information. But any such technology should allow
professionals to treat patients as individuals whose needs come first.
That won't happen if we create an electronic medical-record system that
no one trusts.
Dr. Peel, a psychiatrist and health-privacy expert
in Austin, Texas, is the founder of Patient Privacy Rights and leader of
the bipartisan Coalition for Patient Privacy. She can be reached at reports@wsj.com.