MedCity Influencers

How do we allow patient identification without compromising critical patient information?

In light of the data breaches we have witnessed, most recently at Equifax, it seems clear that the safest way to reliably and safely identify patients is to separate the identifier from the data.

cybersecurity, lock, digital, cyberattack

The proximity of two occurrences, the well-publicized Equifax breach and the less well-publicized Experian announcement that it intends to take on the unique patient identifier challenge, should concern us.

As the facts emerge, it seems clear that Equifax was lax in its security procedures and that, hopefully, Experian is much more diligent than its rival.

My concern is twofold. First, healthcare, in general, is more complex than most financial services imagine and they frequently have not thought through those complexities. Second, and more importantly, is the fact that any company that stores critical financial information is and will continue to be too attractive a target for cyber-criminals. This means that more breaches will occur with even more catastrophic consequences.

It seems clear that the safest way to reliably and safely identify patients is to separate the identifier from the data. This may be what was intended when HIPAA was first passed and included an identifier before it was removed because of privacy concerns (which may have been overblown if the identifier was properly implemented).

There already is a standard for such an identifier documented as: Universal Healthcare Identifier (UHID) ASTM E1714. Given the fact that the U.S. government is unlikely to move from its current position on identifiers, there is a follow-on Voluntary Universal Healthcare Identification System (VUHID) standard which gives greater control to the individual.

In fact, there was an experiment funded by the Robert Wood Johnson Foundation that “demonstrated the technical feasibility of using a voluntary universal healthcare identifier card to link each person with their health record,” according to a post on RWJF about the research. 

Unfortunately, the Western Health Information Network, where the experiment was based, declared bankruptcy (unrelated to the experiment) before the project was completed.

There still is an organization, GPII, with the knowledge and ability to implement a VUHID. New projects of systems that allow patient identification without compromising critical patient information would avoid future ‘Equifax-like’ breaches. There already is the standard. All we lack is the resources and will to move forward.

Photo: mattjeacock, Getty Images


Avatar photo
Avatar photo

Albert Shar, Ph.D

Albert Shar, Ph.D., is managing principal at QERT (qertech.com), a technology consultancy that works with businesses providing expert advice in the strategies necessary for success in today’s rapidly changing and competitive healthcare environment. Prior to QERT Shar was VP for IT and senior program officer for the Pioneer Portfolio at the Robert Wood Johnson Foundation (RWJF) where he helped developed innovative approaches to the uses of technology in transforming healthcare. Previously he was director for IT Research and Architecture at the R.W. Johnson Pharmaceutical Institute, a Johnson & Johnson company. Shar was director of technology services at the University of Pennsylvania Health System, and CIO of its Medical School. He has held a number of faculty positions at the University of Pennsylvania School Of Medicine (Pharmacology and Gastroenterology), University of New Hampshire (Mathematics and Computer Science) and the University of Colorado (Pure and Applied Mathematics). Shar was a visiting professor at the ETH-Zurich FIM and holds a patent in medical imaging and is the author of more than 50 articles in healthcare, computer science, and pure and applied mathematics.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.

Shares0
Shares0