The Utopia of Unique Identity

The subject of Unique Patient Identity pops up with clockwork regularity in the healthcare discourse.

A recent article in the New England Journal of Medicine (NEJM) points out that HIPAA initially mandated it. Reason prevailed and the requirement was abandoned. The article goes on to list, correctly, all the issues related to duplicates and split records and the dire consequences from financial costs to potential loss of life.

Just a few short years ago AHIMA made a petition citing much of the same issues and making a proposal for a voluntary solution. That didn’t get much traction either.

While the problems cited are very real, it is not at all clear how a unique identifier would solve the problem, in spite of the very bold claims. Let alone that there is no precedent in history where something like this was pulled off (the NEJM article points out efforts in countries with a population half the one of NYC without suburbs).

The problem is not one of identity, but trusted identity. To be more accurate it’s not about the identity, but the claims made about the identity. I will not discuss the fact that a unique identifier only shifts the burden to a bureaucracy that is expected to be timely and correct. I will address instead the trust aspect. The problem is certainly not new and more prevalent in industry and in life that one might think. We learned that (some) humans lie and cannot be trusted. So how can I be sure, with a degree of confidence above a reasonable threshold (it’s always a relative, never an absolute) that people are who they say they are. If we’re not gonna trust them we have to trust somebody else. And that’s the Identity Issuer or Certification Authority.

As an example, say I meet Roger at a conference and he introduces me to John. I will trust John to be John, because Roger said so, my trust in Roger transferred to the claim he made about John’s identity. I will have a reasonable confidence (never 100%) of John being John to engage in some activities with him, but not others.

Let’s take another example, we travel abroad, we need to prove our identity. Enter the US Government issued Passport. It has an ID, which is not unique. When one renews their Passport, one is issued a new passport with another ID number. What is important is that foreign governments who need to know who is entering their country have no way to establish that individual’s identity. So they trust that the US Government has verified that person’s identity (or the foreign government makes one come in person to the consulate to obtain a visa). First they need to know that the proof of identity is valid, hence the security features of the passport. Then the proof of id makes a number of claims, certified by the issuer, the US Government, such as name, birthdate, height, etc, and even a photo. So what the verifier does is to assess the validity of the proof of id and then compare the features it observes herself against the claims made by the proof of id.

So the burden of determining the identity rests with the verifier and the process could be more involved, or more simple. At the very minimum, simple possession of a proof of id may be sufficient. My son would likely be able to check out a book from the local library with my library card, but may be less successful using my proof of id at a liquor store checking out other items.

The point of all this is that the goal of a unique patient identifier is at best unrealistic. It may solve some problem but it will for sure create more others. The problem so accurately described by the proponents of the unique id is the lack of a trusted trust model (trust the issuer) and the lack and inconsistency of claims made about identities that makes correlation so hard and error prone.

In my opinion, the solution involves a larger number of trusted Identity Issuers that use a standardized set and format for claims on the proof of id. Kinda like the guys who issue driver licenses (and I no way am I implying that States, or God forbid, the DMV should do that for healthcare). Complementing that, linked identities would provide for most cases sufficient metadata to address the problem of correlating identities across different EMR silos, a problem EMPI services are struggling with.

In future posts we will explore a few concrete solutions based on integrating existing standards and technologies.