Universal Unique Patient Information Identifier UUPII
3 likes1,066 views
The document discusses the critical need for a Universal Unique Patient Identifier (UPI) to address patient data mismatches in healthcare, which can lead to significant safety issues and inefficiencies. It outlines the history of privacy regulations, particularly HIPAA, and the challenges in implementing a UPI due to legislative obstacles. The conclusion emphasizes the potential benefits of a UPI in improving patient safety, reliability of health information, and overall healthcare efficiency.
Universal Unique Patient Information Identifier UUPII
- 1. Frank Titus Avignone IV Submitted in fulfillment of the requirements for the degree of Masters of Jurisprudence in Health Law and Policy Loyola University of Chicago School of Law May 2013
- 2. 2 Introduction Unique Patient Identifier “Case On Point” Current Challenges ARRA & HIT Funding Privacy and Regulation HIPAA Alternatives to UPI Universal Unique Patient Information Identifier Summary & Conclusion
- 3. Cancer patient has surgery and some time later it is discovered that they were assigned a different patient’s Medical Record Number (MRN). The MRN actually belonged to a transplant patient with the same first and last name and same middle initial. Thus the Transplant patient’s history, medications, allergies, were in cancer surgery patient’s electronic record. New documentation on the surgical cancer patient was being entered into the transplant patients medical record. The surgical patient’s history, allergies, etc. were under his established MRN The Case On Point Introduction
- 4. Two Types of Patient Information Errors Duplicate Medical Record Numbers Two different persons sharing one Medical Record Number Introduction
- 5. Duplicate Medical Record Number Patient has two medical record numbers: important clinical information is in different places; new MRN will be missing medication history, allergies, radiology results, etc. etc. from previous visits and admissions Introduction
- 6. Two people erroneously sharing a single MRN This causes the blending of one patient’s lab and radiology history, medical history, with another patient’s allergies, wrong medication history Selecting the Wrong Established MRN Introduction
- 9. History • 1996, HIPAA mandated a Unique Individual Identifier for health care purposes • Due to concerns about privacy, 1999 Omnibus Appropriations Act prohibited funds to “promulgate or adopt any final standard”... until legislation is enacted specifically approving standard.“ • Congress has placed a clear mandate on health care community for adoption of EHRs & HIE capability • A uniform strategy to match patients with their records is essential History
- 11. Need for Unique Patient Identifier • Frequent mismatch between patients & clinical data a serious & growing patient safety issue. • 2008 Rand study: 8-14% of health records have patient-data mismatch. • Preventing & correcting mismatches a huge cost-driver • W/O one standard: different solutions being adopted & built into health information infrastructure. Need
- 12. • Absence of patient-data matching strategy: – Duplicate records – Incomplete and fragmented information – Billing problems – Increased fraud and abuse – Security problems – Quality of care issues • Patient-data matching strategy essential: – To reaching full benefits of HIT – Ensuring patient safety and privacy – Enhance patient privacy, security, and safety Need for Unique Patient Identifier Need
- 13. • In the enterprise, computer systems don’t talk to one another • Islands of data isolated in departments and systems • Integrating disparate systems is costly and difficult • Mandatory compliance with standards like HIPAA requires coordination Source: Integrating the Healthcare Enterprise (IHE) Need for Unique Patient Identifier Need
- 16. 16 Costs basis • Cost of one integration – Simple = $32K – Medium = $95K – Complex = $190K Hypothesis • 1,126 Hospital networks, • each includes Avg. 71 systems • 44 points of integration • 1,892 (44 x 43) integrations per network totalling 2.1 M (1,126 x 1,892) Assuming existence of standardized protocol for interfaces • $68.172 M (if Simple – $32K) • $202.316 M (if Medium – $95K) We need a different approach SYSTEMS TO CONNECT SYSTEMS TO CONNECT SYSTEMS TO CONNECT Contracts 2 App 1Appl 1 App 1Appl 2 App 1 App 1 App 1App 1Appl 1 App 1Appl 2 6 App 1App 1Appl 3 Interfaces = N (N-1) 12 App 1 App 1App 1Appl 1 App 1App 1Appl 2 App 1 App 1App 1Appl 3 App 1App 1Appl 4 Information Architecture Information Architecture
- 18. • Total $19.2 Billion for HIT – $2 Billion for ONC – $17.2 Billion for incentives through Medicare and Medicaid Reimbursement systems • Codifies ONC, HIT Standards Committee, HIT Policy • Provides grant and loan programs to assist providers and consumers in adopting HIT • Privacy and Security provisions in HIPAA for electronic health info Information Architecture Funding Information Architecture Funding
- 19. • Give 70% of Americans an electronic health record (EHR) within 5-10 years. • Use Medicare to incentivize the adoption of EHRs to improve quality, provide data portability, and allow for performance evaluation. • Eventually penalize non-adopters by reducing reimbursement. • Some rural providers will also be eligible for Medicaid incentives. Information Architecture Funding Information Architecture Funding
- 21. 4th Amendment (secure in their persons, houses, papers and effects against unreasonable searches and seizures) Fair Credit Reporting Act (1970) Privacy Act (1974) Family Educational Rights and Privacy Act (1974) Right to Financial Privacy Act (1978) Privacy Protection Act (1980) Electronic Communications Privacy Act (1986) Video Privacy Protection Act (1988) Employee Polygraph Protection Act (1988) Telephone Consumer Protection Act (1991) Driver’s Privacy Protection Act (1994) Telecommunications Act (1996) Children’s Online Privacy Protection Act (1998) Identity Theft and Assumption Deterrence Act (1998) Gramm-Leach-Bliley Act (1999) Privacy and Regulatory History Privacy & Regulatory History
- 22. Most of the preceding laws protect aspects of personal information (mostly financial), but not Health Information Inconsistent State laws exist for protection of information regarding certain health conditions -- HIV, Mental Illness, Cancer Privacy and Regulatory History Privacy & Regulatory History
- 23. • Health Insurance Portability and Accountability Act of 1996 • Proposed by Sen. Edward Kennedy (D-MA) and Nancy Kasselbaum (R-KS) – Focused on issues involving • obtaining new insurance at new job with pre- existing conditions • protection from fraud • administrative simplification – Electronic transmittal of data for billing purposes – Privacy issues related to transmission of clinical data Privacy and Regulatory History Privacy & Regulatory History
- 24. HIPPA effective 1996 HITECH ACT interim final rule 2009 effective 2010 Refer to the original bill: ARRA, H.R. 1 TITLE XIII: Health Information Technology. Within the HITECH Act, the Privacy and Security provisions are contained in: TITLE XII: Health Information Technology, Subtitle D, Privacy Privacy and Regulatory History Privacy & Regulatory History
- 25. Personal Health Information (PHI) – Anything that can potentially identify an individual Name Zip code of more than 3 digits Dates (except year) Telephone and fax numbers Email addresses Social Security Numbers Medical Record Numbers Health Plan Numbers License numbers Privacy and Regulatory History Notification Consent Authorization Privacy & Regulatory History
- 26. • HITECH increased Privacy and Security requirements • Enforcement of requirements - stronger • Business Associates must comply with same requirements then Covered Entities • Security Provisions - stronger and clarified • Privacy Provisions - stronger and clarified Privacy and Regulatory History Privacy & Regulatory History • Overstates the ability of informed consent to protect privacy • Fails to protect privacy through security, transparency, and accountability • Imposes burdensome procedures that offer little privacy protection • ARRA provisions for privacy
- 28. “The persistent campaign by members of congress such as Ron Paul (R-TX) who have successfully introduced and passed legislation baring the use of federal funds under the Social Security Act (42 U.S.C. 1320d–2(b)) for the use of providing a unique health identifier for an individual other than that assigned by the health plan or employer group” Universal Unique Patient Information Identifier 1999 Public Law 105-277 prohibited HHS from using any of its appropriated funds to promulgate or adopt any final standard providing for, or providing for the assignment of, a unique health identifier of an individual until legislation is enacted specifically approving the standard. Therefore, HHS is constrained from implementing a unique health identifier while this language is in effect. Universal Unique Patient Information Identifier
- 29. Probabilistic/fuzzy matching Williams Alexander 21 M 4039 Walnut St Box 490 Harrison Ct Philadelphia PA 19107 215231487 Williams Jason 26 M 3738 Wallace St Philadelphia PA 19107 2152548976 Williams Jesse 23 M 3609 Chestnut St Philadelphia PA 19107 2157984125 Williams Alberto 45 M 425 N 39th St Philadelphia PA 19107 2151348964 Williams Eric 48 M 724 40th St Philadelphia PA 19107 2155678941 Williams Matthew 65 M 2206 Walnut St Philadelphia PA 19107 2151479856 Williams Cathy 22 F 1100 Quaker Hill Philadelphia PA 19107 2151973846 Williams Jeremy 17 M 4218 Parkside Philadelphia PA 19107 2156485974 Williams Steve 2 M 1631 Scott St Phila PA 19107 2151597845 Williams Alexis 35 F 719 Woodlyn Dr Philadelphia PA 19107 2157899456 Williams Sandra 18 F 7711 Brous Ave Philadelphia PA 19107 2154654132 Williams Alex 21 M 4251 Walnut St Philadelphia PA 19107 2151234567 +10 +10 +10 +8 -3 -5 Total Score: 30 Total Score: 20 Universal Unique Patient Information Identifier Universal Unique Patient Information Identifier
- 30. False Positives and Negatives Used in Patient Linking The records in reality belong to: Different people Same person Result from matching Different people Correct result False negative Same person False positive Correct result Clinical information assigned to the wrong patient Clinical information not linked, patient has duplicate records Universal Unique Patient Information Identifier Universal Unique Patient Information Identifier
- 31. • Value permanently assigned to an individual for identification purposes • Unique across the entire national healthcare system • Not shared with any other individual 31 Universal Unique Patient Information Identifier Universal Unique Patient Information Identifier • Identification of an individual • Identification of information • Accurate identification functions • Reduce healthcare operational cost and enhance the health status of the nation National Committee on Vital and Health Statistics
- 32. • Index – Organizational MPI – Enterprise-wide MPI – Registry MPI • Information from previous episodes of care and different sites of care 32 Universal Unique Patient Information Identifier Universal Unique Patient Information Identifier • Scope of access – Within a single organization – Enterprise wide access – Nation wide access
- 33. • Methodology should have an explicit framework specifying linkages that violate patient privacy • Facilitate the identification of parties that make improper linkages • Unidirectional – should facilitate helpful linkages of health records but prevents identification of patient from health records or the identifier Universal Unique Patient Information Identifier Universal Unique Patient Information Identifier National Committee on Vital and Health Statistics
- 34. 34 Introduction Unique Patient Identifier “Case In Point” Current Challenges ARRA & HIT Funding Privacy and Regulation HIPAA Alternatives to UPI Universal Unique Patient Information Identifier Summary & Conclusion
- 35. 200 Breaches Impacting Almost 5.9 Million Individuals, with Theft and Loss of Laptops and PEDs Major Cause (December 2, 2010.M) http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html Summary and Conclusion
- 36. 35% of Fortune 500 companies admit to using medical records for hiring and promotions 65 Fed. Reg. 82,467 (Before HIPAA) Summary and Conclusion
- 37. Privacy regulations where they need to be Reform and reimbursement Health care information technology Consumer focused health care Summary and Conclusion A name is the first and final marker of individual rights, one fixed part of the ever-changing human world. A name is the most basic characteristic of our human rights: no matter how poor or rich, all living people have a name, and it is endowed with good wishes, the expectant blessings of kindness and virtue. Ai Weiwei Universal Unique Patient Information Identifiers allow the patient/consumer control allowing them to indicate that certain aspects of their medical records are "private", so that patients can allow or deny access to providers consistent with the organizational policies of HIEs. Universal Unique Patient Information Identifiers is cost effective and can virtually eliminate the 8-14% incidence of patient identification errors that is the current industry experience when patient identification is performed using demographic matching techniques. Universal Unique Patient Information Identifiers do not contain any patient information (identification, demographic or clinical) but can point to EMPIs which manage patient identity processing and links to clinical systems. Universal Unique Patient Information Identifiers can take government out of the equation working with voluntary programs, avoiding the creation of a monolithic system and data base of personal information and thus avoiding the costs and privacy risks associated with such a system.
- 38. The Old World Provider-focused Illness centric Site-of-care centric Episode Management Supply Management Solitary decision making Inefficiency De-centralized, generalized care The New World Patient & family-focused Medical home and wellness care Continuum of care & case management Disease and demand management Collaborative, evidence-based decisions Meaningful-Use objectives, metrics & criteria Patient safety, quality and effectiveness Centralized, specialized care 38 Summary and Conclusion
Editor's Notes
- #25: The Health Information Technology for Economic and Clinical Health Act, abbreviated HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (Pub.L. 111–5). Under the HITECH Act, the United States Department of Health and Human Services is spending $25.9 billion to promote and expand the adoption of health information technology.The National Coordinator for Health Information Technology, Dr. FarzadMostashari, has explained: "You need information to be able to do population health management. You can serve an individual quite well; you can deliver excellent customer service if you wait for someone to walk through the door and then you go and pull their chart. What you can't do with paper charts is ask the question, 'Who didn't walk in the door?'"
- #26: NotificationInforming patients in simple language regarding the manner in which their data is handledConsent one time, general agreement to use the patient’s information in treatment. For payment, or for “healthcare operations”Lasts indefinitely, necessary for treatmentSharing information between primary care physician and consulting specialistRegulations allows provision of care to be conditioned on patient’s consent to use information for payment purposes.Authorization limited in time and scopeNon-routine purposeExample : Patient is actively participating in a research protocol and personal health information will be shared with a clinical service or university
- #32: While not listed as one of the core elements of an MPI, the American Health Information Management Association recommends the use of a Unique Patient Identifier to be included in the core data elements of the MPI. The Core Health Data Elements, published by the National Committee on Vital Health Statistics (NCVHS), also includes the use of a Unique Patient Identifier. In addition, the 1996 Health Insurance Portability and Accountability Act mandated UPI systems but security concerns have stalled those efforts. Consequently, the UPI is not yet established.An NCVHS report broke the term “Unique Patient Identifier” down into individual components and then summarized the results in a definition. The report states, “the identity of an individual consists of a set of personal characters by which that individual can be recognized. Identification is the proof of one's identity. Identifier verifies the sameness of one's identity. Patient Identifier is the value assigned to an individual to facilitate positive identification of that individual for healthcare purposes. Unique Patient Identifier is the value permanently assigned to an individual for identification purposes and is unique across the entire national healthcare system. Unique Patient Identifier is not shared with any other individual.”The NCVHS document lists potential benefits of a UPI. They include the potential to assure prompt access to healthcare information, timely delivery of care, linkage of lifelong health records of individuals, and aggregation of health information for analysis and research.
- #33: The third component that is an integral part of the Unique Patient Identifier is the Index.The index links the Unique Patient Identifier and the identification information of the patient. It serves as the directory of Unique Patient Identifiers. It must be capable of supporting identification functions within an organization, an enterprise and across the entire national healthcare system. Organizational Master Patient Index (Organizational MPI) - Individual providers and organizations that treat patients maintain an index of their patients, called Master Patient Index (MPI). It contains the patient identifiers and the patient's identifying personal and demographic information. The MPI maintained by organizations are unique only within the organization. It serves as a directory of patients for ready reference, verification and identification of the patient and patient information. Enterprise-wide MPI (EMPI) - Managed Care and Integrated Delivery Network are the results of healthcare reform and related initiatives. Such initiatives bring organizations together and require interoperability among them. An enterprise may contain multiple cooperating provider organizations. The enterprise-wide MPI (or EMPI) provides cross reference to the multiple provider specific MPIs so that a patient's information can be accessed across the enterprise based on the patient's identifier.Registry MPI (RMPI)/Software Mediation - Registry MPI is a new concept. It is also called the directory of MPIs. RMPI maintains pointers to those MPIs that are external to the enterprise MPI. RMPIs form a framework for facilitating the searching and matching of patients among different providers and multiple enterprises across the nation. Computer software to support the RMPI mediation functions is being planned by an organization such as HL7 and CORBAMed.Information from previous episodes of care and different sites of care - Organizational MPIs usually contain information relating to a patient's previous visits. Also, information on previous episodes of care from another organization, but within the same enterprise, can be obtained with the use of the EMPI. However, to access records or information from previous episodes of care from an unrelated organization, the respective site information is essential. Sites external to the enterprise will not be available from the EMPI. Although an RMPI can facilitate searching for a match among cooperating MPIs, sites unknown to an RMPI cannot be accessed for the search.