Health 2.0 and Identity: Who else cares who I am, as long as I do? By David Kibbe MD MBA
My
recent blog on Health2.0 data exchange using the CCR standard and a
sparse information model
brought this comment from a reader who identifies themselves as jd:
"I'd really like to hear your insights on the issue of uniquely identifying patients. Whether we have a sparse information model or a more complete/complex one, none of this is going to work unless there is an automated way for data from multiple systems to converge into one record. There is now an NPI for physicians, but what about patients? It seems something like a social security number is out of the question, so what are we going to do in it's absence?
Of all the large problems we have ahead in developing computable data exchanges (privacy, data ownership, business models for data exchange, operational data standards, etc.), it seems that this issue ranks right up there. Any thoughts on how we can resolve it?
Super questions. Right on. While I agree that having a way to identify a person as unique will be important to some Health2.0 processes and functions, I think that in general the "identity problem" is given more worry and concern than it deserves, and is horribly misunderstood. I agree with jd that the government shouldn't try to put in place a mandatory National Patient Identifier. Bad idea, won't ever happen, isn't required. So, what to do?
There is a big problem with identification systems in general. I don't think one can escape the fact that unique identifiers are indelibly linked, both in reality and in the mind of the body politic, with control and power over the individual. We use identification systems to control immigration, taxes, and vehicular licenses. Banks use our Social Security numbers and additional identifiers to help them keep our money controlled, and safe from bad guys. In large health care enterprises, we use "master patient indexes" to assign unique identifiers (ones the person never knows about) to control data and documents. And CMS has issued providers National Provider Identifiers in large part to control Medicare spending, especially to help them prevent fraud.
All of these functions and processes are legitimate and have value. I'm not going to argue against them. But I will point out that much of what happens transactionally on the Internet and the Web happens at almost the complete opposite end of the spectrum from the examples above, with absolutely no need for identity. And it all works just fine!
The person who posted the comment above signed his commentary with the initials "jd" -- and no more. No way to identify him or her, right? Could even be an alias. But that lack of identity didn't prevent him or her from contributing a comment and eliciting a response. Millions of us have email accounts with fake names and aliases, and that doesn't prevent us from communicating and sharing ideas and messages. Similarly, blogs, FaceBook, and game sites all exist and thrive without an "identity problem. It would be very interesting to quantify how much of the traffic on the Internet occurs anonymously, and how much with strong identifiers attached. Life is messy, and we like it that way much of the time.
So here's my point: before we assume that the lack of a "national identifier" of some sort is a prerequisite for a thriving Health2.0 economy, let's consider use-cases when and where unique identity really matters with respect to the collection, organization, analysis, and exchange of personal health information. And where it doesn't.
I think we could think up plenty of both. For example, if I've collected my own summary health information, from whatever sources, and have created a CCR xml file that contains my diagnoses and medications, allergies and immunizations, then I may wish to send that information to websites for various services, and to do so de-identified or completely anonymously. To make this example a little starker, suppose I'm using a web service that will provide me with my risk of depression, given my summary health information. I would almost certainly ONLY invoke that web service if I could do so anonymously, in such a way that the service couldn't link my information back to the "real me."e. As long as I care who I am, no one else needs to know.
However, imagine that I subscribe to a service that regularly updates my health information from three doctors' offices, a hospital system, and a clinical laboratory, and places that information in Microsoft's HealthVault or some other repository of my choosing. In that case, those organizations (actually, their servers) need to know my "identity" as a unique entity, almost certainly a number or hash of numbers, that cannot be confused with anyone else's. In that case, I, the consumer or patient, need an identifier in order to benefit from Health2.0. (We could spend an eternity arguing about whether this is actually an assigned number, or an algorithm that uses data to assign one. To keep the conversation reasonably short, let's all agree that, in the end, this is a number assigned to me, and only to me. )
The question that arises at this point is this: who will supply me with that identifier in those cases in which I need one? And, who will pay for that identification system? Do we trust the federal government to assign us National Identifier Numbers? Would a consortium of employers be the best bet? How about Wal-Mart? They're really good at this stuff; best inventory tracking system in the universe! (Hey, if the Eagles trust Wal-Mart to exclusively distribute their new album, "Long Road Out of Eden," then they're not all bad. I'm a big fan of Don Henley.)
Since you asked my opinion with your semi-autonomous comment - I'll be glad to give it to you. I would like to see a National Voluntary Health Identifier system be available to me, the consumer, for use when I need a unique identifier. I'd like a non-governmental and non-profit entity that is trustworthy to allow me to create and manage my own unique identifier, free of charge or for a very small sum. That way, I might engage in Health 2.0 transactions that require data to be linked using an identifier, but still maintain my anonymity computationally. And I could decide which services know my real identify, and which do not. Sure, I may not be able to participate in some of them. But, hey, no one forces me to use a credit card, now do they?
David Kibbe
User-generated content 
Subscribe!
By algorithms, do you mean what Connecting for Health uses? If I understand them correctly, it is identifying a person using a set of information.
It seemed they are trying to get away from folks having an actual number.
-John
Posted by: John Norris | November 12, 2007 at 07:17 PM
John: Thanks for your comment. Yes, it is relatively common for patient identification or indexing systems in large organizations to use several demographic items, including name, date of birth, address, etc. as a means of assuring that the person whose file or records they are presented with is unique and matches with their own records of this person. This methodology is widely used, and avoids the requirement that the presenting person/record have a unique identifying number.
However, with respect to their own internal systems, most of these organizations then assign a unique number to this person, and that number is then used in the patient indexing system of that organization or enterprise.
Obviously, one benefit of using a voluntary patient identifier is that it would allow you or me to map our number to the master patient index numbers of numerous organizations and enterprises, based on our consent. This would mean that we could send our data over the Internet anonymously, and be "recognized" without names, addresses, dob, etc. attached to it, if we wished to.
It's all about which perspective you need/want to take: are you the individual knocking on the door, or the organization on the other side of the door?
Hope this is helpful, DCK
Posted by: David C. Kibbe, MD MBA | November 13, 2007 at 06:14 AM
Thanks, quite helpful. I understand that organizations probably do assign an number internally, but hadn't thought of the benefits of partial anonymity using numbers outside the system.
I do wonder how it would work, as when I use a credit card I do give out some other identifying information so the billing system knows I'm the rightful owner of the card. Maybe an OpenID type of implementation (which I admit not to know much about.)
The pdf you cite was not available this morning.
Thanks for the blog!
Posted by: John Norris | November 13, 2007 at 08:30 AM
Try this link: http://www.google.com/url?sa=t&ct=res&cd=5&url=http%3A%2F%2Fwww.louhie.org%2FDownloads%2Fa_voluntary_approach_can_sol_130987.pdf&ei=MPA5R-PoA5nahQPo38iJCw&usg=AFQjCNFXyKf24-j3W-awc4Fpp9T3tZ7YvQ&sig2=TCVKWKfpj1N9wH2EwxWhKQ
Posted by: David C. Kibbe, MD MBA | November 13, 2007 at 10:46 AM
You may want to look at the work that Doc Searls and others are doing around Vendor Relationship Management (VRM) as they have been thinking a lot about identity issues, but nobody there has real healthcare expertise and that is the "elephant in the room" when it comes to online identity, trust and privacy issues.
http://cyber.law.harvard.edu/projectvrm/Main_Page
Posted by: bernard lunn | November 19, 2007 at 12:05 PM
ah, good, fresh, intelligible, sane stuff on identity issues in health care, that actually proceeds from the real needs involved. Somewhere Clay Shirky is smiling....
And I would be too, if one of the versions of the URL posted for Barry Heib's white paper were to begin working.
Posted by: gjudd | November 19, 2007 at 08:50 PM
acck, Dr Hieb, wherever you are, my apologies for my spelling....
Posted by: gjudd | November 19, 2007 at 08:58 PM
Colleagues: I received this message from Barry Hieb just today:
I am currently engaged in a project to implement a Voluntary Universal Healthcare Identifier (VUHID, “view-hid”) system based on ASTM standards E1714 and E2553. The system is a voluntary system that will issue both public and private (anonymous) healthcare identifiers at no charge upon request by a patient. See http://vuhid.org for a moderately comprehensive description of the system and how it will function. We currently hope to have the system operational some time around the middle of 2008. Historically there have been numerous barriers to the implementation of such a system including cost, technical issues, lack of national consensus, federal legislation prohibiting funding for such an effort, (legitimate) privacy concerns, and the improbability of being able to pull off a ‘big bang’ implementation. We believe that the design of the current VUHID project avoids or eliminates all of these objections. In particular, we believe that the privacy community will come to support this effort as substantially improving privacy over our current situation while avoiding the privacy risks that would be associated with the creation of any national database of demographic or clinical information. I would be most interested in receiving analysis, thoughts, and feedback at barry.hieb@gartner.com once people have had an opportunity to study our proposal.
Posted by: David C. Kibbe, MD MBA | November 22, 2007 at 06:00 AM