Health IT, MedCity Influencers

We need to make secure patient identification a higher priority

We know that inadequate and inconsistent patient identification places patients at risk for medical errors but the problem goes far beyond protecting individual patient safety

A few months ago I was stricken with the flu. If you managed to avoid contracting the flu this year, congratulations, because you certainly dodged a bullet. Although I usually take the old school approach of riding it out  — avoiding doctor visits and prescription medications — my fever was so intense that I knew simply waiting for it to pass wasn’t an option. Reluctantly, I made an appointment with my primary care physician and dragged myself to the doctor’s office.

Most of us are quite familiar with the routine when you arrive at a healthcare facility. Go to the front desk, announce your presence and hand over a form of ID and/or your insurance information to verify that you are who you claim to be. The registrar will (normally) take a photocopy of your personal identification credentials, hand you a clipboard with forms to fill out and then you park yourself in the waiting room and wait to be seen by a clinician.

When I arrived at my PCP’s office, the registrar behind the front desk asked my name and to see a copy of my driver’s license. Fair enough. I presented the information and was then told to sit and wait. By the nature of my profession, I tend to be a bit more hypersensitive and aware regarding protecting patient identities so while I was sitting in the waiting room I began to wonder, “How does this healthcare provider really know that it’s me?” What if I presented a fake driver’s license and was attempting to assume the identity of another patient? Would the provider even know? Would the provider be protecting my safety and privacy more effectively if they used a patient identification method that asks who I am vs. verifying I am who I claim to be?

I admit, questions such as these are not part of a normal thought process for most of us when we visit a healthcare facility. Most tend to assume that we will never be the victims of crimes like medical identity theft or fraud, and that our providers are doing everything they can to protect our identities and access to protected health information. After all, healthcare providers exist to make us feel better and arguably should be the last place we go where we feel our own privacy and well-being is jeopardized by inadequate identity verification. The reality is that most healthcare providers are woefully unprepared to handle the challenges of 21st century patient identification and are relying on antiquated means of identifying patients, placing the patient and themselves at great risk for a medical error or identity theft that could lead to permanent damage or even death.
Should the average patient be more concerned on how healthcare providers confirm their identity? The answer is a resounding yes and here’s why.

Eliminating medical errors

Throughout the healthcare industry, a failure to correctly identify patients continues to endanger their safety and the safety of other patients often resulting in medication errors, transfusion errors, lab and testing errors, wrong patient procedures, and the discharge of infants to the wrong families. The ECRI Institute recently released its fifth “Deep Dive” analysis of patient identification in healthcare. The report illustrates the high risk of wrong patient errors throughout the multitude of patient encounters along the care continuum.

What’s clear across the patient identification landscape is that providers continue to circumvent standard identity authentication protocols and that most, possibly all wrong-patient errors are preventable.

Consider for a moment that you have been a victim of medical identity theft or fraud and another person has stolen your identity in order to receive care under your name. If a provider fails to catch the perpetrator and administers care, inaccurate medical information will appear on your electronic health record, which places you in danger should a clinician act upon this erroneous information if you show up at their facility to be treated (God forbid that you arrive unconscious). Now consider the time and expense incurred for you to clear your name and restore your identity. The average cost to restore a patient’s identity after medical identity theft is $20,160, according to data from Right Patient.

We know that inadequate and inconsistent patient identification places patients at risk for medical errors but the problem goes far beyond protecting individual patient safety. The digitization of healthcare has sparked a host of new healthcare initiatives that are meant to improve individual and population health through the advent of interoperability and health information exchange (HIE) programs.

Designed to mobilize protected health information (PHI) data across organizations within a region, community, or hospital system and allow disparate health systems to share information, interoperability and health information exchange is believed to be a key linchpin to improving the continuity of care across multiple, often disparate healthcare providers. However noble these efforts may be, the inconsistencies of accurate patient identification across these healthcare organizations increases the risk that “dirty data” will pass between providers and further exacerbate medical errors and patient safety risks.

For example, let’s say that you are on vacation in Disney World in Orlando with your family. You fall ill or experience a medical emergency and you need to seek immediate care from a local hospital. When you arrive, through modern HIE technology, the healthcare provider would theoretically have access to your medical history, passed through the HIE directly to their electronic health record system. If healthcare providers on your local network have accurately identified you on each visit and recorded the care received on the correct medical record, the data received via the HIE will provide a complete and thorough history for clinicians prior to treatment.

However, it only takes one case of patient misidentification on one visit for a duplicate medical record to be created, which increases the risks that any history documented on your medical record would not be included and subsequently passed to the Orlando provider. What if that one case of patient misidentification and resulting duplicate medical record created documented a life-threatening allergy? Or perhaps a dangerous and potentially fatal reaction to a medication? This information is invisible to the existing provider and could place you and the facility at tremendous risk for a medical error.

Impact of connected health on accurate patient identification

Healthcare digitization has shepherded additional initiatives beyond HIE and interoperability and mobile health is a great example.

Loosely defined, mHealth encompasses a lot of the new and shiny healthcare apps that providers and others have flooded the market with which are designed to offer health-related services for smartphones, tablets, and PCs.

Wikipedia defines “connected health” as:

…a socio-technical model for healthcare management and delivery by using technology to provide healthcare services remotely. Connected health aims to maximize healthcare resources and provide increased, flexible opportunities for consumers to engage with clinicians and better self-manage their care.

While it’s accurate to say that mobile health and connected health are byproducts of healthcare digitization and a natural evolution of care delivery, the generational differences in healthcare consumption is an additional driving force.

Patients are rapidly evolving into multiplatform healthcare consumers, accessing patient portals and healthcare services via smartphones, laptops, tablets, and other smart devices. This has become the new reality we live in, especially younger generations that were born with a smartphone in hand. They tend to look at engagement differently, want it to be remote, and tend to prefer healthcare services outside of traditional settings (e.g. telemedicine). With the explosion in remote care and the push for patients to consume services outside of brick-and-mortar environments, it becomes evident that any patient identification risk management strategy has to include the ability to authenticate patients beyond physical trips to the hospital or doctor’s office.

Remember, in-person is human to human interaction. When you log into a portal – what does it know about you? It really doesn’t know anything, stoking the urgency for providers to take extra measures to protect your medical identity and unauthorized PHI access.

Criminals and predators feast on stealing medical records largely because medical information sold on the dark web is four times as valuable as a social security number. Often times when you visit a hospital, you are sharing your name, birth date, policy number, diagnoses codes, social security number, and billing information. Criminals can use this information to create fake identities that allows them to buy and resell medical equipment or drugs, or file fake claims with insurers. Due to the fact that medical records often contain addresses, phone numbers, and employment history, criminals can also use this data to file false tax returns.

It’s easier to see why protecting one’s medical identity when accessing or using mobile health apps or connected health platforms is just as important as in-person visits to ensure your safety and well-being.

Accurate patient identification in healthcare is, admittedly, something we tend to take for granted and (myself included) often assume healthcare providers are taking the proper steps to protect our medical identities. The reality is that many providers use outdated identification security protocols that increase the risks of sensitive PHI falling into the wrong hands or that may create a duplicate medical record that a provider may never see or even know about. Missing or incomplete PHI leads to medical errors that can cause serious harm or even death.

Photo: Warchi, Getty Images


patient identification in healthcare
patient identification in healthcare

Michael Trader

A serial entrepreneur with a passion for innovation, Michael has been an early-stage and founding member of several successful technology companies in the areas of strategic sourcing, biometrics, and healthcare. He has advised dozens of Fortune 1000 companies, traveled to more than 30 countries, is a frequent presenter at various healthcare symposiums, and has been interviewed by media and research outlets such as CNN, Fortune Magazine, Health Data Management, and Frost & Sullivan.

At RightPatient, Michael is responsible for overseeing business development and marketing activities, government outreach, and for providing senior leadership on business and policy issues. Michael holds a BS degree in Biological Sciences from the University of Vermont where he graduated with honors.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.

Shares0
Shares0