Client Registries: Identifying and Linking Patients PERTEMUAN Ke - 10 Taufik Rendi Anggara., MT Manajemen Informasi Kesehatan Fakultas Ilmu Ilmu Kesehatan

LEARNING OBJECTIVES

• Defne a client registry and describe why such registries are needed in health information exchange.
• Detail common strategies for implementing a client registry.

• • Discuss common challenges encountered when implementing

  a client registry.
• Highlight the critical role a unique identifer plays in implementing a client registry.
• Distinguish between the common methods of patient matching.

PATIENT IDENTIFIERS

  EHR systems manage records. Much of the information maintained in EHR systems pertains to patients—or clients—who receive health care services from a clinic or hospital. In order to efectively manage information about patients, EHR systems must assign and use patient identifers, such as a medical record number (MRN), when performing tasks such as creating a new record, updating an existing record, or deleting a record. Identifers (or IDs) ensure that the correct record is added, updated, or deleted. Patient identifers can be thought of as belonging to two general classes: (1) a unique code or set of codes specifcally designed to uniquely identify a patient in a given system and (2) an aggregate set of demographic and related attributes used to describe a patient uniquely, such as name, sex, date of birth, address, etc. Whether utilizing existing or creating new patient identifers, it is prudent to understand the context in which the identifers will be deployed.

UNIQUE PATIENT IDENTIFIERS

  Strategy for Assigning UPIs

  A UPI requires a sequence allocation sufciently large to cover an entire population over time, theoretically for as long as the number will be in use. Sequencing schemes available for development of a UPI generally fall into three numbering systems: serial, derived, and composite.

• In serial numbering systems, each individual is assigned a number from a central location. These numbers are automated and do not assimilate any nonunique characteristics of the individual. England’s National Health Service number is an example of serial numbering system, with some added functionality.
• As the name suggests, derived numbering systems create a number based on, or derived from, a personal trait of the individual. In contrast to serial numbering, assignment of a derived number can take place anywhere but runs the risk of failing to be unique when derived from a personal trait which is shared by other individuals.
• Composite numbering systems assign part of the number from a central location and the other part is derived from personal traits, thus represents a combination

  

Cont.

  Attributes of Ideal Identifers

  Much of the concern around utilizing a universal identifer for health care, particularly in the United States, is fear of malicious intent in the event of a data breach. The only true way to prevent the possibility of confdentiality breaches is to exclude personal information; such as name, social security number (SSN), date of birth, etc., and to eliminate the possibility of linking the health care identifer to databases which contain personal information. At the time of writing, and for the foreseeable future, no identifer exists which will perfectly ascertain all individuals uniquely across all scopes of health care; at least not one that is neither physically invasive (eg, implanted device) nor invasive of a citizen’s right to privacy. Health care identifers are often assigned within individual information systems (eg, laboratory, radiology) as well as organization-wide (eg, MRN). However, as discussed, these identifers are meaningless outside of the domain in which they operate. One solution to this identity challenge is to establish a unique identifer that crosses organizational boundaries. The American Society for Testing and Materials (ASTM), which is a standards development organization accredited by the American National Standards Institute (ANSI), describes 30 criteria which should be used to evaluate the efcacy of a candidate identifer.

  

Cont.

  Attributes of Ideal Identifers (cont)

Meeting all of the proposed criteria would lead to a UPI that achieves

the following:

• positively identifes patients.

• •automatically links and collates patient records from disparate

  electronic sources, creating a longitudinal care record,
• protects patient’s personal health information and privacy, •efectively minimizes the cost of patient record management.

  No identifer exists which could meet all of the criteria proposed by the

  standard because some ideal attributes confict with each other. For

  example, a ubiquitous and easily accessible identifer may not

  adequately preserve privacy. The following is a description of selected

  ideal UPI attributes; for succinct defnitions and examples, refer to

  

Cont.

  Attributes of Ideal Identifers (cont)

Meeting all of the proposed criteria would lead to a UPI that achieves

the following:

• positively identifes patients.

• •automatically links and collates patient records from disparate

  electronic sources, creating a longitudinal care record,
• protects patient’s personal health information and privacy, •efectively minimizes the cost of patient record management.

  No identifer exists which could meet all of the criteria proposed by the

  standard because some ideal attributes confict with each other. For

  example, a ubiquitous and easily accessible identifer may not

  adequately preserve privacy. The following is a description of selected

  ideal UPI attributes; for succinct defnitions and examples, refer to

  Cont.

  

Attributes of Ideal Identifers (cont)

  

Cont.

  Attributes of Ideal Identifers (cont)

• A unique identifer, by defnition, can never be associated with more than one individual. That is, once assigned, the possibility of another person being assigned the same number must be eliminated, or infnitely minuscule.
• A ubiquitous identifer is available and accepted across the health care spectrum. For example, a nonubiquitous identifer would identify a patient for a hospitalization but not the subsequent primary care visit. Ubiquity also requires the identifer to be durable and made readily available at the time of service.
• Unchanging. In order for an individual identifer to be efective, every individual should have an identifer that applies only to that individual and does not change over time. This requires foresight on the part of the issuing agency because enough numbers must be generated to support the population throughout the life span of the identifer.

  

Cont.

  Attributes of Ideal Identifers (cont)

• •Uncontroversial. The identifer should help minimize the opportunities

  for crime and abuse and should not contain substantive information

  about the individual. Similarly, the various stakeholders must perceive

  the identifer to be minimally invasive. The subjectivity of what is and is

  not invasive makes universal acceptance difcult, if not impossible.

• •Uncomplicated. An identifer or identifer system that is not practical to

  implement or that does not meet the requirements of administrative

  simplifcation must be deemed unacceptable.

• •Inexpensive. The costs of implementation and use of the identifer

  must be within an acceptable range. Analysis of costs across all health

  care settings should be considered including, patients, providers,

  payers, and government agencies. For example, it has been estimated

  that a national health identifer implemented in the United States would

  cost between $4.9 and $12.2 billion to deploy and $1.5 billion per year,

  which many view as unsustainable

  

Cont.

  Existing Unique Patient Identifers

The Health Insurance Portability Accountability Act of 1996 (HIPAA)

recognized the need to uniquely identify patients for managing care and

administrative purposes, thus proposing a unique health identifer for all

individuals. UPIs have been implemented in several international health

care systems but have yet to come to fruition in the United States for a

number of reasons: a funding embargo imposed by Congress; costs to

implement such a system; privacy concerns; difculties in conforming

existing information systems to utilize the identifer; and a lack of

consensus on selection of an identifer. The interested reader is referred to

a 1998 Health and Human Services white paper, developed prior to a

congressional ban on government funded UPI discussion, which discusses

relevant legislation, privacy and confdentiality concerns, as well as

strengths and weaknesses of several proposed implementations of a

national UPI. The following is a discussion centered on commonly

broached UPIs—SSN, biometric identifers, and a voluntary universal

  

Cont.

  Social Security Number

  The SSN has been advanced as a candidate for a UPI in the United States because it is theoretically unique, ubiquitous, unchanging, most adults can recite it from memory, and would not require additional infrastructure to implement (ie, inexpensive and uncomplicated). However, in reality, the SSN is sometimes shared by multiple individuals, not all people are eligible for an SSN, in rare circumstances an individual may possess more than one SSN, SSNs are not universally available at birth, and there is no legal protection for maintaining SSN confdentiality in nongovernment organizations.

  Using the SSN also comes with controversy, largely as a result of its universality. At its inception, the SSN was for use only within the context of the Social Security program and intended to identify an account, not a person. Today, the SSN has become tightly linked to an individual’s credit score, among other things, and is now largely

  

Cont.

  Biometric Identifers

  Biometric identifers such as fngerprints, iris scans, voice recognition, and facial shapes ofer unique, ubiquitous, and relatively unchanging identifers. In developed nations, implementation of biometrics has been scarce, mainly because of concerns with privacy and the potential for law enforcement to use these data. However, underdeveloped nations often lack universal coverage by civil registration systems leading to an identifcation problem that reaches far beyond health care. Recent technological advances are allowing cheaper, more accurate identifcation using biometric indicators such as fngerprints and iris scans. In a report for the Center for Global Development, Gelb and Clark found that 160 countries have deployed biometrics to address the identify gap covering over 1 billion people. While highly discriminatory, biometric identifers do not eliminate the need for sophisticated matching algorithms to uniquely identify an individual. Measurements of a person’s fngerprint or iris will possess variability within persons, due to changes in age, environment, disease, stress, and occupational factors, as well as variability due to hardware (eg, sensor calibration and age of the device). In the case of fngerprints, any single individual can produce several distinct images depending on the angle of depression, pressure, presence of dirt, moisture, and sensor characteristics.

  

Cont.

  Voluntary Universal Healthcare Identifer (VUHID)

An example of VUHID was deployed by Global Patient Identifers, Inc. (GPII)

and attempts to completely eliminate patient matching errors by augmenting

existing probabilistic matching algorithms with a VUHID. The patient may

request one open voluntary identifer (OVID), which as the name suggests

shares all information with all providers, and multiple private voluntary

identifers (PVID) that will only disclose information to patient-selected

providers. A key design element for the VUHID proposed by GPII is that once a

patient requests to participate through their provider, they are assigned a

unique identifer that, unlike the SSN, is used only to identify them in the

health care setting. The VUHID then routes the unique identifer back through

the HIE CR to be associated with the patient’s records. The unique identifer

(implemented by barcode, magnetic strip, smart card, etc.) is given to the

patient and presented when visiting a provider. Drawbacks of the proposed

  

VUHID include the complexity introduced by the PVID, which assumes that

patients will understand when it is clinically important to share information

from one provider with another, and concerns that the failure to share all

records may impede hospitals from producing complete billing records.

  

Cont.

  International Unique Patient Identifers

UPIs have been developed and implemented in low-, middle-, and high-income countries.

  

Details on the purpose, formats, validation methods, technical architectures, and lessons

learned from UPI implementations in England, Newfoundland and Labrador, Australia, New

Zealand, and Germany may be found in a review from 2010 by the Health Information and

Quality Authority. Specifc use cases for implementing a UPI in Denmark, Botswana, Kenya,

Brazil, Malawi, Ukraine, Thailand, and Zambia are discussed in a UNAIDS white paper

addressing developing and using individual identifers for health services including HIV .

Although no single identifer currently exists with each of the ideal attributes, Figure 11.1

depicts the degree to which the examples discussed meet the expectations of an ideal

identifer. As will be discussed, a key strength of the CR is the ability to utilize multiple

identifers through matching algorithms to positively identify a patient. That is, the CR does

not rely on the necessity to produce an ideal UPI; however, when a UPI is available,

matching efciency is improved. UPIs hold promise for simplifying patient identifcation, but

even in the case a UPI is in use, there is a need to match patients using other attributes,

such as demographics, when a UPI is unavailable at the time of service (eg, forgot card or

emergency situations). Similarly, if a temporary identifcation must be issued, the central

authority will need to utilize other identifers, such as demographics, to link a patient’s UPI

to the temporary ID to prevent record fragmentation. In general, the implementation of a

UPI will improve the accuracy of matching procedures but will not replace the need for

demographic attributes.

FIGURE 11.1 The ideal attributes of unique personal identifers, highlighting where commonly used

  

identifers exist within this framework. UPI, unique

patient identifer; SSN, social security number.

THE ENTERPRISE MASTER PATIENT

  

INDEX

Each health care organization’s eMPI associates its own

unique identifer with patient data; thus, a single patient may

have several “unique” eMPI identifers, one within each

organization where care occurred. The lack of a shared

identifer across organizations makes integration of patient

data difcult. So if Bob visits an ED outside his usual

integrated health care system, data about the visit would not

be integrated into the EHR system record utilized by his

primary care physician and, unless Bob discloses this

information, his primary care physician may never be aware of

the incident. The unique identifer problem has an intuitive

solution that creates a unique identifer to span all health care

organizations.

THE CLIENT REGISTRY

  

The eMPI uniquely identifed and linked each of Bob’s specialty care visits because

they were within the same network or enterprise, but data from an ED visit outside

Bob’s usual integrated health care system would remain in a silo. A natural, logical

solution might be the use of an UPI that could span all of Bob’s health care services

and allow for positive identifcation and linkage of Bob’s ED visit to his other health

care data. However, no single UPI is currently available that would facilitate linking

all of Bob’s records. Thus, in order to link data across the health system, we must

rely upon an assemblage of existing identifers. A CR operates by adjudicating the

assemblage of demographic attributes and other personal identifers from each data

supplier (eg, hospitals, clinics, etc.) to create a single record for each patient within

the HIE. Figure 11.2 demonstrates how the CR fts into the scheme of the HIE model.

Organizational EHR systems and point-of-care applications interact with the CR

through the interoperability layer allowing users to retrieve, add, and edit patient

records. Once positive identifcation is made, the CR associates each patient’s

records with a unique number called the master patient index (MPI). Although similar

in concept to the unique number assigned by an eMPI, the MPI—in the context of the

CR—acts as the controller for all other local identifers that may be associated with

the patient, including one or more MRNs assigned by individual facilities and

FIGURE 11.2 The client registry architecture within the OpenHIE model. EMR, electronic

  medical record; EHR, electronic health record.

  

SUMMARY

Health care data are generated from numerous clinical sites,

often by diferent EHR systems. Each organization has its own

method of uniquely identifying patients, but these identifers

are incapable of identifying patient records from outside

organizations. Currently, no single unique patient identifer is

capable of spanning the entire health care environment, and

record linkage must rely upon multiple patient attributes and

identifers. The CR handles inconsistent completeness and

quality of identifying data by standardizing incoming data and

employing statistical matching algorithms to link data from

separate organizations for the same patient. Once identifed, a

single, unique identifer (the MPI) is associated with the

patient, allowing HIE networks to create and maintain patient-

centric records and services.