Inventory of Health Care Information Standards. Individuals

01/01/1997

Unique Identifier Standards for Individuals:

1.1.1. UHID by ASTM

Category/Classification of Standard

Unique Identifiers (including allowed uses) for Individuals

II. Standard Development Organization (SDO): ASTM

III. ANSI Accreditation, ANSI Accreditation applied for or not

ANSI Accredited

ANSI Accredited

IV. Name of the Standard

Standard Guide for Properties of a Universal Health

Identifier (UHID) "E1734"

V. Contact for more information

Name: Terry Luthy

Address: ASTM 100 Barr Harbor Drive

West Conshohocken, PA 19428

E-mail: tluthy@local.astm.org

Phone: 610-832-9737

Fax: 610-832-9666

VI. Description of Standard

The UHID Scheme consists of a sequential identifier, a delimiter, check digits and an encryption scheme to support data security. This Standards Guide covers a set of requirements outlining the properties of a national system of Universal Health Identifier (limited to the population of United States). It includes positive identification of patients, automated linkage of various computer-based records, mechanism to support data security of privileged clinical information and the use of technology to keep health care operating cost at a minimum.

VII. Readiness of Standard

The Guide provides a detailed implementation sample for the UHID and evaluates the implementation against the criteria outlined by the standards. The method is being implemented by two (2) VA hospitals in Florida.

VIII. Indicators of Market Acceptance

ASTM E1714 is an approved American National Standard. Regarded as an ideal standards guide for the Unique Patient Identifier. The VA hospital network (VISN) is planning to expand the implementation of ASTM Standards based identifier. More than 350 copies of the standards have been distributed.

IX. Level of Specificity

The UHID Scheme consists of a sequential identifier, a delimiter, check digits and an encryption scheme to support data security. It supports multiple encrypted IDs for an individual.

X) Relationship With Other Standards

N/A

XI) Identifiable Costs

ASTM Standards volume 14.01 for Health care informatics that include this Standards Guide can be purchased for a nominal fee.

1.2. Other Unique Identifier Options for Individuals:

1.2.1. Social Security Number (SSN)

I. Description of Standard

The original scope of SSN was to function as a Social Security Account Number (SSAN). Its scope since the 1935 legislation has been expanded. It is now in use as a personal identifier in a wide area of applications including use by local, state and federal authorities, financial institutions, and numerous consumer organizations.

II. Readiness of Standard

Strength: The existing SSA structures, trained personnel, detailed standard procedural guidelines, cost economies, rapid implementation etc. are all in favor of the use of SSN as a valid patient identifier.

Weakness: Many organizations including those who support the use of SSN as a Health Identifier have identified several serious defects that must be fixed before it can be used as a valid Unique Health Identifier. Examples are:

  1. Not unique
  2. No exit control
  3. Lack of check-digits
  4. Significant error level
  5. Privacy & confidentiality risks
  6. Lack of legal protection

6. Lack of capacity for future growth

7. Lack of mechanism for emergency use and timely issue.

8. Provision for non citizens, etc.

The Computer-based Record Institute (CPRI) supports a modified SSN with important changes to the process of issue of SSN including check-digits, encryption scheme, a trusted authority, and legislative measures, etc..

III. Contact for more information:

Social Security Administration

6401 Security Blvd, Baltimore, MD 21235

IV. Indicators of Market Acceptance

Used by VA hospitals and Medicare Administration as a patient identifier. Used by many health care organizations as part of the patient demographic information.

V. Identifiable costs: Expenditure borne by the Government.

1.2.2. Biometrics IDs

I. Description of Standard

Several sophisticated methods of biometrics identification methods have been proposed, including finger print, retinal pattern analysis, voice pattern identification and DNA analysis.

II. Readiness of Standard

Law enforcement and Immigration departments use some of the biometrics identification methods. However, the necessary standards, procedures, and guidelines are non-existent for use in health care. Some of the concerns relating to this option are organ transplant, amputation and diseases affecting organs e.g. retinopathy.

III. Contact for more information:

N/A

IV. Indicators of Market Acceptance

N/A

V. Identifiable costs: Considered very expensive. Specific details not available.

1.2.3. Directory Service

I. Description of Standard

This method is proposed by Dr. William L. McMullen of Mitre Corporation. It will use existing patient identifiers to provide linkages to records of individuals across systems. The system includes social characteristics (name, SSN, address, driver license etc.) human characteristics (finger print, retina scan etc.) and other groupings such as sex, race, DOB, etc. The directory service would reconcile interactively and heuristically the proper association of the patient identification data at the current point of care with any one of the other prior points of care. This step would be supported by automated capabilities that would facilitate locating the other patient records for which a record linkage is valid. The current point of care location would then be linked with any of the other selected point of care locations by electronically exchanging their network addresses.

II. Readiness of Standard

N/A

III. Contact for more information:

The Mitre Corporation

7525 Colshire Drive

McLean, VA 22102-3481

IV. Indicators of Market Acceptance

N/A

V. Identifiable costs: Considered expensive. Specific

details not available.

1.2.4. Personal Immutable Properties

I. Description of Standard

Dr. Paul Carpenter and Dr. Chris Chute of Mayo Clinic have proposed a model Unique Patient Identifier (UPI) which consists of a series of three universal immutable values plus a check digit. The three values are a seven-digit date of birth field, a six-digit place of birth code, a five-digit sequence code (to identify the individual born on the same date in the same geographic area) and 4) a single-check digit. For emergency situations the use of temporary UPI with the prefix "T" is recommended.

II. Readiness of Standard

N/A

III. Contact for more information:

Dr. Paul Carpenter or Dr. Chris Chute

Mayo Clinic

Rochester, MN 55905

IV. Indicators of Market Acceptance

N/A

V. Identifiable costs: N/A

1.2.5. Patient Identification System Based on Existing Medical Record Number

and Practitioner Prefix:

I. Description of Standard

Medical Records Institute proposes the use of existing provider institution generated medical record number with a provider number prefix. The solution requires consensus on a practitioner identification system but eliminates the cost of creating, implementing and maintaining nationwide (patient) numbering system. The unique practitioner ID would identify the location of the patient database, and the medical record number would identify the patient's record within that database. The solution also includes the patient designation of a practitioner of choice to be the curator who functions as the gateway for the linking and updating of information.

II. Readiness of Standard

N/A

III. Contact for more information:

Medical Records Institute

567 Walnut Street, P.O. Box 600770

Newton, MA 02160

IV. Indicators of Market Acceptance

N/A

V. Identifiable costs: N/A

1.2.6. Public Key - Private Key Cryptography Method

3. Cryptography-based health care identifiers:

Dr. Peter Szolovits, Massachusetts Institute of Technology proposes a Health care Identifier System based on public-key cryptography method. Anyone who wants to use this method needs to acquire two keys that allow arbitrary messages to be encoded and decoded. These two keys contain mathematical functions that are inverses of each other. The method consists of a patient private-key and a organizational (provider) public-key together generating and maintaining IDs that are both organization specific as well as unique to individual patients within that organization. The ID can be revealed to other institutions or practitioners only with the private-key of the patient. Both centralized and decentralized controls are possible. Under the decentralized scheme the patient has the ultimate control over the degree to which the lifetime collection of medical information is made available to others. Under the centralized scheme an umbrella organization (trusted authority) handles all patient private-keys via an ID Server, and the patient will have the public-key.

At the request of authorized institutions the ID Server will generate Patient ID with the use of both the patient's private-key and public-key. Under both schemes, the use of smart card and computer are required.

II. Readiness of Standard

N/A

III. Contact for more information:

Dr. Peter Szolovits

Massachusetts Institute of Technology

Laboratory for Computer Science

545 Technology Square

Cambridge MA 02139

IV. Indicators of Market Acceptance

N/A

V. Identifiable costs: N/A