Patient ID and Fair Info Practices for ID
Session Topic: Patient ID and the Fair Info Practices for ID
Convener: Adrian Gropper
Notes-taker(s): Scott Mace
Adrian: A well-defined patient ID is essential.
Frameworks of patient ID can allow for auditable criteria.
First level: Clinical encounter. Data doesn’t go anywhere. Isolated.
Second level: Payment/association. No need to introduce external sharing beyond that.
Third level: Aggregation (registries).
Third (B) level: Coercive – PDMP, mental health for guns registries
VHID, a proprietary scheme for one group that hands out unique identifiers.
EMPIs vs GUIDs
The challenges are cultural and legal, more so than technical.
Adrian: I have never seen a study that payment fraud is a problem other than intentional sharing of identity in places like New York; identity theft at the medical record level that can be tricky to unwind.
It’s the economic value of the information. One respect is the ability to do value-based rewards or shared savings. The other one, more important, the institutions want to lock in patients and providers to negotiate better (37:00).
How does Partners manage to get a 30 percent premium?
Michael: Healthcare is very personal. Within our system – we’re in 23 states – if you go up to Alameda, there’s a good chance we have no idea who you are. What if they come in an ambulance and they’re unconscious?
How do we deliver the highest quality of care? Patient ID is another word for transparency.
The Patient Privacy Rights Proposal has two components. Globally unique voluntary ID should be a Direct email address. It’s voluntary to the extent the Direct standard allows for a Direct certificate to self-sign. (42:00). At that point you have a system of verifying when I seek care from you. You want to know you’re in control of that ID. You just send me an email. This is within the existing law. Meaningful Use. Direct is in 40 of the 50 states, not sure what the number is.
The second thing we recommend, there is the W9 form. The thing that has your SSN, name/address, signature, and some governance, the IRS. Standardized form with one purpose. Make sure people aware on both sides as to how they are being tracked or their info is being aggregated. So having a W9, if you are going to allow for a transparent, non-coercive way of doing aggregations, the easiest way to do it is ask people what ID they want you to use (??). If patient forgets the email address, create a second one. Possible to do what’s being done in India, shoot first and ask questions later.