Congress whiffs again on advancing interoperability
The federal government didn't shut down this past weekend. That's always a positive, but the mad rush to pull together an appropriations package that can pass a polarized Congress inevitably leads to winners and losers. Interoperability has consistently fallen into the latter bucket and this time was no different.
How so? The annual spending bill perpetuates a nearly 25-year ban on using federal funds to establish a standard for a national patient identifier. Accurate patient identification is one of the most important yet challenging aspects of interoperability, and advocates say a national patient identification framework could reduce administrative burdens and improve care. On the flip side, it would no doubt be costly and difficult to get right.
To me, the fundamental flaw in the status quo is that it prevents any serious effort at trying to get it right. In healthcare technology—really, within any industry—there's a pattern to innovation where new solutions and concepts are introduced, scrutinized, and refined or discarded. The current law unnecessarily cripples this debate, and Congress missed another chance to correct its error.
A hot and cold relationship
The legislative branch has a history with national health identifiers; uncovering it requires much digging through the archives. If you thought interoperability was hard, try conducting congressional research!
The saga began with HIPAA, which directed HHS to "adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system." (Congressional records are hopelessly void of anchor links, so when I don't quote exact text, I'll share words you can search for within the page to find the relevant portion.)
The present-day restriction was born a couple of years later in the omnibus funding law for fiscal year 1999 (search for "health identifier"). Its author was Texas congressman Ron Paul, who took to the floor of the House on October 8, 1998 to advocate for inserting the language. Rep. Paul expressed concern that a national ID would "be used to create a national database containing the medical history of all Americans" and "would allow federal bureaucrats to track every citizen's medical history from cradle to grave."
Since that fateful legislation, the language has remained constant in the yearly appropriations bill, whether that's a standalone bill to fund the Departments of HHS, Education, and Labor or a consolidated appropriations act that bundles together the 12 bills that fund the entire government. (Note: the provision is colloquially referred to in the healthcare community as "Section 510" and I'll do the same here. However, the actual section number has varied over time. It was Section 514 in the Consolidated Appropriations Act of 2001, for example, and Section 511 in fiscal year 2010's equivalent act. Search for "health identifier" in both.) Section 510 directly nullifies part of HIPAA's requirements, stating that no appropriated money can be used "to promulgate or adopt any final standard...providing for, or providing for the assignment of, a unique health identifier for an individual (except in an individual's capacity as an employer or a health care provider), until legislation is enacted specifically approving the standard."
After two decades of quiet, a hint of momentum emerged in 2019 when the House passed a bipartisan amendment to strike out Section 510. The House has made multiple attempts to remove it ever since. In the Senate, change has been slower but the initial appropriations bill for FY2022 excluded Section 510 (search for "health identifier"). Old habits die hard, though, and Section 510 lives on. Not everyone wants to see it go, either; Sen. Rand Paul of Kentucky has expressed many of the same concerns as his father did, and he has worked with like-minded colleagues to introduce legislation removing the original requirements from HIPAA. These proposals have not advanced in either chamber.
I feel the players on both sides of this issue hold skewed and rigid viewpoints that don't survive rigorous scrutiny. For one, while patient misidentification is undoubtedly a problem, a national ID will not be a panacea for our woes. We already see mistakes happening when healthcare workers have unique data points available to them, such as distinct names, dates of birth, and medical record numbers. Introducing an additional number in an electronic chart or on a patient armband won't stop fallible human beings from mixing up similar information or failing to follow the right process. To reduce the risk of patient harm due to misidentification, we are better served by implementing and religiously following a system for positive patient verification at every key point in the delivery of care.
What's more, a unique ID will be costly and time-consuming to roll out. Software will need to be updated and existing records will need to be matched to newly issued IDs. The federal government would need to define a process for assigning and managing IDs for unexpected participants in the health system, such as international visitors who need medical care. And a host of questions would need to be answered, like how to verify that an ID a patient provides is truly theirs and how to accommodate patients who are unable to provide theirs.
On the other hand, those resisting work on an identification framework miss the mark in several ways. Privacy and security are the most commonly cited apprehensions, but these are addressable. Opponents assume, as Rep. Paul did in his floor speech, that national IDs will automatically mean a nationalized database of all of our health information, but these are not inseparable. Congress can easily allow for an ID standard while prohibiting a national EHR.
Secondly, the fear of national IDs getting into the wrong hands is often cited. It'll be like Social Security numbers, they say, where you're doomed for the rest of your life once it's leaked. But I would argue this is shortsighted because we shouldn't design a national ID to be like an SSN. We should take a page from the banking industry and make it like a credit card. When my card number is stolen, the bank can easily render it useless and issue a new one. Credit cards also follow defined patterns with check digits to ensure their validity, which reduces the chances of transposed numbers and ensures criminals can't use just any random one. We need to adopt these same principles when developing a unique patient ID.
Give it the green light (or at least a yellow one)
In my mind, the key advantage of a national patient ID for interoperability is that it allows us to move to a consistent, verifiable, and fungible value for every participant in our healthcare system. This is something our present-day identifiers can't match. Like an SSN, your name, date of birth, address, and phone number are demographics that are difficult or impossible to change, so their value to malicious actors remains high over time. MRNs provide a unique and (usually) changeable identifier, but they don't carry the same meaning outside of the walls of a single health system. A well-designed national identifier gives us the best of both worlds and reduces friction in the pursuit of seamless data exchange.
To be clear, there's room for meaningful compromise on this issue that allows for incremental progress. Section 510 could be amended to prohibit adopting a final standard while allowing the use of funds to conduct research on what a national patient ID framework could look like. Congress has taken similar steps on other issues by allowing research while preventing a wholesale change in policy. And as we work through if, how, and when we adopt a national patient ID, we shouldn't lose sight of an underappreciated fact: millions of Americans already have one. Every Medicare recipient has a 11-digit Medicare Beneficiary Identifier issued by CMS and recognized nationwide. Congress mandated the change from the old SSN-based identification numbers, and while the rollout required much planning and effort, it was ultimately successful because CMS was empowered with the time and resources needed to make it happen. The same can be true for a unique national patient identifier; it's time for Congress to end the quarter-century ban and advance interoperability by allowing much needed research and innovation.