DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Identity Crisis: An Examination of the Costs and Benefits of a Unique Patient Identifier for the U.S. Health Care System

Posted on October 20, 2008October 24, 2024 by Dissent

By: Richard Hillestad, James H. Bigelow, Basit Chaudhry, Paul Dreyer, Michael D. Greenberg, Robin C. Meili, M. Susan Ridgely, Jeff Rothenberg, Roger Taylor

A national health information network, or NHIN, that enables disparate health care information systems across the United States to allow authorized users to easily and quickly share critical health information has the potential to enhance safety and dramatically improve the quality and efficiency of the national health care system. A unique patient identifier (UPI) to use as a singular key to accurately link, file, and retrieve individual health records was seen as an important element of the national system and was mandated as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) legislation. However, privacy and security concerns about electronically sharing patient information have completely sidetracked the development of standards for a UPI and threaten to delay the development of the NHIN.

Correctly linking patients to their health data is a vital step in achieving quality health care. The two primary approaches to this linking are the UPI and statistical matching based on multiple personal attributes, such as name, address, and Social Security number (SSN). Lacking a UPI, most of the U.S. health care system uses statistical matching methods. There are important health, efficiency, security, and safety reasons for moving the country away from the inherent uncertainties of statistical approaches and toward a UPI for health care.

This monograph examines the operational advantages and disadvantages, compares the errors, examines the costs, and discusses the privacy issues associated with the UPI and its alternatives. Our analysis indicates that a health care system in which every patient has a unique, nondisclosing (i.e., containing no personal information) patient identifier is clearly desirable for reducing errors, simplifying interoperability, increasing efficiency, improving patient confidence, promoting NHIN architectural flexibility, and protecting patient privacy. A one-time cost of $1.5 to $11.1 billion for a UPI, to remove the systemic errors in health-records retrieval, is small by comparison with the value a potential efficiency savings of $77 billion per year at the 90-percent level of adoption (with additional safety and health values that could double these benefits) that previous studies estimated for connected Electronic Health Record (EHR) systems. Prohibiting development of a UPI actually sidesteps the larger problem: the development of a NHIN without first establishing a legal environment that best protects privacy while also encouraging the advances that interoperability of EMR systems between providers would bring to health care quality and efficiency. Continuing de facto endorsement of statistical matching as the only practicable approach to linking patients to their electronic health records will inhibit the effective development of the national health information network.

This monograph should be of interest to health care IT professionals, other health care executives and researchers, and officials in the government responsible for health policy.

Free, downloadable PDF file(s) are available from:
Full Document (File size 0.6 MB, 2 minutes modem, < 1 minute broadband)
Summary Only (File size 0.2 MB, < 1 minute modem, < 1 minute broadband)

Category: Health Data

Post navigation

← Taking a Peek at the Experts’ Genetic Secrets
Working Together on Health Information Privacy →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car
  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.