The Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandated the development
of a unique patient identifi er (UPI) for “every individual, employer, health plan, and health
care provider.†UPIs were intended to serve as central building blocks for new health information
technologies and to enable physicians, hospitals, and other authorized users to share clinical and
administrative records with greatly improved effi ciency. But in the years since 1996, Congress has consigned UPIs to legislative limbo, responding to concerns that federal privacy policies are not adequate to protect the personal health information associated with a UPI.RAND analysts Michael Greenberg and Susan Ridgely examined the privacy implications of UPIs
in the context of an emerging national health information network (NHIN). Th ey suggest that UPIs
plausibly might be privacy enhancing rather than privacy degrading. More important, they assert that the
controversy over UPIs distracts from the key privacy issues connected with an NHIN: namely, the need
to strengthen HIPAA privacy rules and to reconcile current state laws on health information privacy.
More – RAND Corporation Fact Sheet [pdf]