UNIQUE PATIENT IDENTIFIER/UNIVERSAL IDENTIFIER PROPOSALS  

INTRODUCTION

On July 6, 1998, the Department of Health and Human Services (HHS) and the Health Care Financing Administration (HCFA) published a Notice of Intent to move forward on addressing the National Health Identifier for Individuals (NHII) (Also referred to as unique patient identifier or universal patient identifier). The NHII was among the identifiers included in the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Since the Notice of Intent was published in July, no further action has been taken by HHS to issue a proposed rule for the identifier. Many in industry and in Congress questioned the appropriateness and timeliness of a unique identifier before the confidentiality provisions in the HIPAA legislation have been addressed. The National Committee on Vital and Health Statistics recommended to HHS that the unique identifier be considered only after confidentiality legislation has been passed in Congress. Congress stated in the Fiscal Year 1999 Omnibus Supplemental that HHS could not use any funds to continue their work on a unique identifier, which ensures that nothing will be done until Congress revisits this issue during the 106^th Congress.

The Notice of Intent serves as a vehicle to discuss and analyze the proposals that have been offered to date. The following summary of unique identifier proposals is based largely on the proposals provided in the Notice of Intent. In addition, an analysis of the identifier proposals incorporated into a document that was provided to HHS and prepared by Solomon Appavu was also referenced frequently in the comparison of identifiers. The unique identifier proposals have been placed in the following five categories: Unique Identifier Proposals Based on the Social Security Number (SSN); Identifiers Not Based on the SSN; Proposals That Do Not Require Universal Unique Identifiers; Hybrid Proposals; and Cryptography Methods That Are Not Identifiers. Below is a summary of the unique identifier proposals within those categories.

I. UNIQUE IDENTIFIER PROPOSALS BASED ON THE SSN

The Unenhanced SSN is commonly used in many institutions to identify individuals and is administered by the Social Security Administration (SSA). Its positive attributes include its availability to the public; minimal implementing cost; it is the current de facto identifier; and the government would bear the cost without having to create a new system. However, the unenhanced SSN’s negative attributes are that it does not include a check digit; not every individual is eligible or chooses to obtain a SSN; individuals may have more than one SSN or SSN’s may be erroneously used by more than one person; no legal requirement for non-Federal users to keep the number confidential or to limit its use; a mechanism for providers to verify its authenticity would need to be created; and the SSN is easy to counterfeit.

The Proposal of the Computer-Based Record Institute calls for legislation to fund and task the SSA to add a check digit to the SSN. An authentication algorithm would be used to establish the identity of the organization requesting a number. In addition, the proposal calls for federal preemptive legislation to provide confidentiality of health information. Positive aspects of the proposal include: the addition of a check digit to the SSN; the proposal’s privacy protections; and the existing infrastructure, trained staff, policies, procedures and guidelines in place. Negative aspects of the proposal include lack of details regarding the issuance process, such as time, effort and cost; it is unclear how proposed legislation could or should protect health information identified by the SSN from being linked with other information systems that already use the SSN as the basic identifier; the typical time required to obtain a SSN is measured in weeks rather than "minutes"; there is no provision for the use of temporary numbers; and the significant percentage of error within the SSN system that does not have a provision to check the errors.

The Alternate to the SSN proposal would use the SSN as an identifier for those individuals to whom it is acceptable, but offer an alternate identifier to others (who have privacy concerns). The alternate identifier would be a 9-position identifier and would not be the same as any current or future SSN. Since the alternate identifier is the same length as the SSN it could be used in any record structures that carry the SSN. However, a potential stigma could be attached to the alternate identifier -- a request for the identifier might be interpreted to mean that the individual has something to hide.

The Computer Healthcare Identifier (CHID) proposal does not require changes in SSNs or in SSA’s processes and would be assigned by healthcare providers or health plans. Each validated health plan and health care provider would be provided a standard encryption algorithm for the purpose of converting a patient’s existing SSN into another, private number. The algorithm performs a one-way mathematical function – with highspeed computing it can be done in a fraction of a second. The resulting unique number will always be the same no matter what entity is computing it and would contain a check digit. Positive aspects of the proposal are that it would not involve the SSA or require any changes in the current process of assigning SSNs; it would be guaranteed mathematically to be unique; would be less expensive to implement than a system to create a totally new number, although no cost estimates are available; could address privacy concerns because it makes linkage to other records using the SSN more difficult; and could be.validated with a check digit program. The negative aspects are that many of the current problems with SSNs would not be addressed unless and until the SSA re-verifies the SSNs; because the algorithm would have wide distribution, it is likely to become publicly known within some relatively short period despite legal sanctions against disclosure; anyone with access to the algorithm could, theoretically, take the one billion 9-digit numbers that include all potential SSNs, apply the algorithm, and generate a database of all health identifiers, each linked to its corresponding SSN; no infrastructure currently exists to support appropriate linkages of encrypted versions of the CHID back to the original CHID; and the cost to the industry to modify its systems would be significant;

II.IDENTIFIERS NOT BASED ON THE SSN

The ASTM Sample UHID is designed with a length up to 29 characters. The number is constructed from four parts: (a) a 16-digit sequential number that identifies an individual uniquely, (b) a delimiter (defined as a single character, such as a period, that denotes the boundary between two digits or characters) that separates the 16-digit number from the check digits and encryption scheme identifier that follow, (c) 6 check digits, and (d) a 6-digit encryption scheme identifier, if the number has been encrypted. If the UHID does not need to be encrypted, the last six digits can be valued as "000000" or omitted entirely. The proposal does not describe implementation. Positive aspects of the proposal include: it meets the requirement of HIPAA for a standard, unique health identifier for each individual; it incorporates check digits and encryption capabilities; could restrict the identifier to health care and other desirable uses that can be protected with legislation; avoids crossover problems; provides an opportunity to design an identification system that will fully take advantage of existing technology; and offers the capacity to handle the nation's population for a foreseeable future. Among the negative aspects of the proposal are its cost to the industry to modify their systems and add another, longer identifier; the additional infrastructure a new number would require; its length makes it less user-friendly; and it is untested.

A Biometric identifier is based on a person’s unique physical attributes, such as fingerprints, retinal pattern analysis, iris scan, voice pattern identification and DNA analysis. However, an individual must be receive their identifier in person. The issuance and verification requires special equipment to scan or read the individual’s special attributes. It is already used in government agencies. Biometric information can be stored in digitized form in electronic records and on identification cards. Positive attributes include its unique and positive identification of the patient and its avoidance of crossover problems. Some negative attributes include the lack of infrastructure to issue and maintain the identifiers; the need for special equipment for issuing identifier and the requirement that the individual be present; the identifier would need to be digitized; significant cost; and the biometric attributes of patients could change due to age, injury or disease.