Open menu

Fighting Medical ID Theft & Improving Interoperability

  • May 27, 2016|
  • 2 years ago

by Tom Foley

  • Follow us
  • Follow us

Director, Global Health Solution Strategy

The race is on to find a unique patient identification option that will solve for various interoperability challenges like duplicate records, identity theft, and patient fraud.

Initially, when the Health Insurance Portability and Accountability Act (HIPAA) was passed, it required that a unified patient identification system be created. But due to privacy concerns, Congress introduced a ban to prohibit the U.S. Department of Health and Human Services (HHS) from using federal funds to create this unique identifier.

More recently, the American Health Information Management Association (AHIMA) attempted to pass a petition to reconsider the ban. Unfortunately, the petition failed to collect the mandatory 100,000 signatures.

AHIMA officials report that the lack of a reliable, consistent way to accurately identify patients is a significant problem for health providers, causing “missed diagnoses, inappropriate treatments, unnecessary tests, and the inability to improve patient care.”

In January 2016, though, the College of Healthcare Information Management Executives (CHIME) announced the National Patient Identification (NPID) Challenge. This $1 million incentivized competition for the private sector wants to create a universal patient identity solution that accurately, safely, and privately verifies a patient’s identity with a 100 percent success rate.

CHIME, WEDI and other organizations like HIMSS, the Sequoia Project and MGMA on the issue. It’s top of mind for everyone in healthcare, including Judy Faulker, the CEO of Epic. She’s said, “I think each person should have a medical identity. I don’t care whether it’s federal or not.” And, despite the fact that Epic and others are often criticized for being closed systems, she insists that interoperability is a passion and a priority.

Currently, most health organizations identify patients based on first and last name and date of birth. In 2015, The Joint Commission issued patient safety goals requiring the use of at least two of these patient identifiers: individual’s name, an assigned identification number, telephone number, or another person-specific identifier. “The intent for this goal is twofold: first, to reliably identify the individual as the person for whom the service or treatment is intended; second, to match the service or treatment to that individual,” the guide states.

While patients often express frustration with these types of repetitive identity verification, consider the potential for things to go awry without them. According to Aberdeen Group, an IT market research company, “Cybercriminals commonly chase basic identity information such as names, birth dates, and health insurance contract and group numbers they can sell for just $20 on the black market … However, the lucrative theft kits fetch $1,500 and far more when medical data is included that can be used to obtain prescription drugs illegally and commit insurance fraud.”

Identity theft and fraud are serious problems across all sectors, but health care fraud is rising at an alarming rate—up 30 percent since 2007. A report from IDC Health Insights predicts one in three health records will be compromised in 2016 alone. Identity theft not only impacts a patient’s credit report (access to Social Security number and financial information), but it also compromises the accuracy of medical records by merging medical information of the data thief with that of the actual patient.

Duplicate records also create challenges, and heighten costs, in healthcare. The RAND Corporation suggests that 15 to 16 percent of patient records are duplicate records. All contribute to the need for a unique patient identifier.

Factor in the rise of healthcare consumerism—mass data aggregation across a number of devices and wearables—and the risk of security breaches only grows higher. No doubt this data will enhance diagnostic accuracy and lead to greater medical advancements, but interoperability and security need to be top priority.

Therefore, a technology solution that integrates data from several sources into a single Electronic Health Record (EHR) using a single patient identifier is critical. Thankfully, several efforts are underway.

What methods of identification are being explored? The spectrum stems from smart card technology to brain waves.

· Smart card technology is an established identity authentication system in the financial industry that helps to protect customer data. Health organizations like Smart Card Alliance are working to apply this technology at the point of care. “Upon successful authentication, the patient’s card is used to point directly to the individual patient’s data on the server.”10 LifeMed ID, a Lenovo partner, is one example of this type of solution.

· Carolinas HealthCare has reduced its duplicate medical record error rate from 2.9 to .01 using palm-vein biometrics. “When being admitted into any facility, a patient age 13 or older places his or her hand atop the palm-vein scanner, which on the first scan identifies the unique vein pattern underneath the skin and assigns that pattern an algorithm and unique identification number within the enterprise master patient index.”

· The Lava Group and RightPatient have partnered to introduce a biometrics-based identification solution, which captures a patient’s unique iris pattern. “The completely contactless and hygienic process can integrate with all major EHR systems, saving patients’ and professionals’ time during the sign-in process and ensuring that all relevant medical history information is made available to the doctors who need it.”

According to the authors of an AHIMA survey, “Better tools, such as biometrics, smart card readers and advanced algorithms are critical in reducing patient matching errors.” But they’re also quick to point out that “No amount of advanced technologies or increased data capture will completely eliminate human errors. Creating policies and procedures for the front-end and back-end staff to follow is foundational for the overall data integrity process.”

It may be a complicated course getting there, but the result of implementing unique patient identifiers will transform the industry, in ways ranging from a cost and efficiency standpoint to improved patient outcomes and care delivery.


1. AHIMA Petition Seeks to End 16-Year Budget Ban to Develop Unique Patient Identifier. Becker’s Health IT & CIO Review. March 21, 2016.
2. Remove the Federal Budget Ban That Prevents HHS From Working on a Voluntary Patient Safety Identifier (MyHealthID). The White House. March 20, 2016.
3. Epic CEO Judy Faulkner Talks EHR Interoperability, Need for a National Patient ID, Physcian Productivity. Health IT News. March 21, 2016.
4. Petition Calls for Unique Patient Identifier Solution. Journal of AHIMA. March 21, 2016.
5. National Patient Safety Goals Effective January 1, 2015. The Joint Commission. January 6, 2015.
6. In the Face of Medical Identity Theft, What Can Healthcare Facilities do to Protect Health Data? MedCity News. April 1, 2016.
7. Healthcare Fraud: a Five-Step Plan for Diagnoses and Treatment. Information Age. April 20, 2016.
8. Top Ten Tech Trends: National Patient ID Movement. Healthcare Informatics. March 24, 2016.
9. Researchers Can Identify You by Your Brain Waves with 100% Accuracy. Health News Digest. April 19, 2016.
10. Smart Card Technology in U.S. Healthcare: Frequently Asked Questions. Smart Card Alliance. September 2012.
11. Our Cloud Identity Platform. LifeMed ID. Undated.
12. Carolinas HealthCare Boosts Patient Safety With Palm-Vein Biometrics. Healthcare IT News. March 24, 2016.
13. N Ireland Firm to Work With RightPatient. Planet Biometrics. April 19, 2016.
14. Report: Providers Must Adopt Sophisticated Tech, Stronger Policies to Prevent Duplicate Patient Records. FierceHealthIT. April 20, 2016.