Making a Case for a National Patient IDCHIME Executive Explains Efforts to Get Congress to Act
Healthcare CIOs are again pushing Congress to lift a 16-year-old ban on creating a unique national identifier for patients. The IT leaders say the ID is more critical than ever in facilitating secure national health information exchange, says Leslie Krigstein of the College of Healthcare Information Management Executives, an association for CIOs.
When Congress passed HIPAA in 1996, the law called for the creation of a unique health identifier for individuals. But in response to controversy that included privacy concerns, Congress in 1999 passed a law prohibiting federal funding for the identifier.
Since then, however, the widespread adoption of electronic health records systems and the federal push for secure national health data exchange has increased the need for an identifier, Krigstein notes in an interview with Information Security Media Group. An identifier would help ensure, for example, that that the right records are exchanged among multiple providers treating a patient, she says.
"As we continue to talk about the need for more fluidity of health data and the need for patients to have complete access to their records, we really need to make sure that we are, in fact, sharing the information of a particular patient," she says.
In a recent letter to the Senate Committee on Health, Education, Labor and Pensions, CHIME urged Congress to remove the ban that prohibits the Department of Health and Human Services from using federal funds for the development of a unique patient identifier.
"We think that, as a CIO community, if we can have that ban removed, and have HHS freely engage in conversation relative to patient identification, that's where we can explore the diversity of solutions," Krigstein says. "We know there are many options [for a unique identifier] that are not just a number alone."
Those options could include biometrics or algorithms that help to uniquely identify patients so that critical data is accurately matched with the correct individual when information in health records is accessed, added and shared, she says.
"We want to make sure we have a national approach that can allow for consistent matching regardless of what system you're in, what city or what state you're in."
To help safeguard a new identifier from hackers - who have stolen tens of millions of Social Security numbers and other personal information from U.S. patients in recent months - Krigstein says the ID could be protected "under layers of security."
The security of the IDs "is fundamental in the conversations" that CHIME members are having about the different approaches that can be taken in creating a patient identifier, she says.
In the interview, Krigstein also discusses:
- Whether a unique patient identifier would require hospitals and health information exchange organizations to modify their EHR systems or other health IT;
- Why CHIME is urging Congress to lead an "open dialogue" to help states align their various privacy and consent laws, and to re-examine various provisions within HIPAA;
- Where CHIME stands on proposals in the 21st Century Cure Act, being debated in Congress, to change HIPAA provisions in order to ease the use of protected health information in medical research (see House OK's Bill Altering HIPAA).
As interim vice president of public policy at CHIME, Krigstein oversees the association's congressional advocacy and federal agency engagement efforts, which are focused on the effective use of information management within healthcare. Prior to joining CHIME - which has 1,600 members, including healthcare CIOs and CISOs - Krigstein was a member of the Congressional Affairs team at the Healthcare Information and Management Systems Society.