« Health 2.0 on Location in NYC by Indu Subaiya | Main | Tools to help with Medicare Part D, by Matthew Holt »

November 12, 2007

Health 2.0 and Identity: Who else cares who I am, as long as I do? By David Kibbe MD MBA

DkMy recent blog on Health2.0 data exchange using the CCR standard and a sparse information model brought this comment from a reader who identifies themselves as jd:

"I'd really like to hear your insights on the issue of uniquely identifying patients. Whether we have a sparse information model or a more complete/complex one, none of this is going to work unless there is an automated way for data from multiple systems to converge into one record. There is now an NPI for physicians, but what about patients? It seems something like a social security number is out of the question, so what are we going to do in it's absence?

Of all the large problems we have ahead in developing computable data exchanges (privacy, data ownership, business models for data exchange, operational data standards, etc.), it seems that this issue ranks right up there. Any thoughts on how we can resolve it?

Super questions.  Right on.   While I agree that having a way to identify a person as unique will be important to some Health2.0 processes and functions, I think that in general the "identity problem" is given more worry and concern than it deserves, and is horribly misunderstood.   I agree with jd that the government shouldn't try to put in place a mandatory National Patient Identifier.  Bad idea, won't ever happen, isn't required.  So, what to do?

There is a big problem with identification systems in general. I don't think one can escape the fact that unique identifiers are indelibly linked, both in reality and in the mind of the body politic, with control and power over the individual.  We use identification systems to control immigration, taxes, and vehicular licenses. Banks use our Social Security numbers and additional identifiers to help them keep our money controlled, and safe from bad guys.  In large health care enterprises, we use "master patient indexes" to assign unique identifiers (ones the person never knows about) to control data and documents.  And CMS has issued providers National Provider Identifiers in large part to control Medicare spending, especially to help them prevent fraud.

All of these functions and processes are legitimate and have value.  I'm not going to argue against them.  But I will point out that much of what happens transactionally on the Internet and the Web happens at almost the complete opposite end of the spectrum from the examples above, with absolutely no need for identity.   And it all works just fine!

The person who posted the comment above signed his commentary with the initials "jd" -- and no more.  No way to identify him or her, right? Could even be an alias.  But that lack of identity didn't prevent him or her from contributing a comment and eliciting a response.  Millions of us have email accounts with fake names and aliases, and that doesn't prevent us from communicating and sharing ideas and messages. Similarly, blogs, FaceBook, and game sites all exist and thrive without an "identity problem. It would be very interesting to quantify how much of the traffic on the Internet occurs anonymously, and how much with strong identifiers attached. Life is messy, and we like it that way much of the time.

So here's my point:  before we assume that the lack of a "national identifier" of some sort is a prerequisite for a thriving Health2.0 economy, let's consider use-cases when and where unique identity really matters with respect to the collection, organization, analysis, and exchange of personal health information. And where it doesn't.

I think we could think up plenty of both. For example, if I've collected my own summary health information, from whatever sources, and have created a CCR xml file that contains my diagnoses and medications, allergies and immunizations, then I may wish to send that information to websites for various services, and to do so de-identified or completely anonymously. To make this example a little starker, suppose I'm using a web service that will provide me with my risk of depression, given my summary health information.   I would almost certainly ONLY invoke that web service if I could do so anonymously, in such a way that the service couldn't link my information back to the "real me.&quote. As long as I care who I am, no one else needs to know.

However, imagine that I subscribe to a service that regularly updates my health information from three doctors' offices, a hospital system, and a clinical laboratory, and places that information in Microsoft's HealthVault or some other repository of my choosing. In that case, those organizations (actually, their servers) need to know my "identity" as a unique entity, almost certainly a number or hash of numbers, that cannot be confused with anyone else's.   In that case, I, the consumer or patient, need an identifier in order to benefit from Health2.0.   (We could spend an eternity arguing about whether this is actually an assigned number, or an algorithm that uses data to assign one.  To keep the conversation reasonably short, let's all agree that, in the end, this is a number assigned to me, and only to me. )

The question that arises at this point is this:  who will supply me with that identifier in those cases in which I need one?  And, who will pay for that identification system?   Do we trust the federal government to assign us National Identifier Numbers?   Would a consortium of employers be the best bet?  How about Wal-Mart?  They're really good at this stuff; best inventory tracking system in the universe!  (Hey, if the Eagles trust Wal-Mart to exclusively distribute their new album, "Long Road Out of Eden," then they're not all bad.  I'm a big fan of Don Henley.)

Since you asked my opinion with your semi-autonomous comment -  I'll be glad to give it to you. I would like to see a National Voluntary Health Identifier system be available to me, the consumer, for use when I need a unique identifier. I'd like a non-governmental and non-profit entity that is trustworthy to allow me to create and manage my own unique identifier, free of charge or for a very small sum.  That way, I might engage in Health 2.0 transactions that require data to be linked using an identifier, but still maintain my anonymity computationally.  And I could decide which services know my real identify, and which do not.  Sure, I may not be able to participate in some of them.  But, hey, no one forces me to use a credit card, now do they? 

 
Fortunately, thanks to Barry Hieb and a few other dedicated people, the technology and methodology to put in place a National Voluntary Health Identifier suitable for Health2.0 use-cases already exists, and has been worked on for several years.  Like many aspects of Health2.0, it is on the shelf and ready to go once the business model matures and the industry identifies, so to speak, the need for the technology.  This is one of those pieces to the puzzle that Marty Tannenbaum has written about as an "accelerator" for Health2.0. To learn more about how such a system of consumer-controlled identity services would work, I invite you to read a white paper by Barry, who works for Gartner, downloadable as pdf.
 
So...those are my insights.  Hope they stimulate more responses from you, jd, whoever you are.

David Kibbe

Comments

By algorithms, do you mean what Connecting for Health uses? If I understand them correctly, it is identifying a person using a set of information.

It seemed they are trying to get away from folks having an actual number.

-John

John: Thanks for your comment. Yes, it is relatively common for patient identification or indexing systems in large organizations to use several demographic items, including name, date of birth, address, etc. as a means of assuring that the person whose file or records they are presented with is unique and matches with their own records of this person. This methodology is widely used, and avoids the requirement that the presenting person/record have a unique identifying number.

However, with respect to their own internal systems, most of these organizations then assign a unique number to this person, and that number is then used in the patient indexing system of that organization or enterprise.

Obviously, one benefit of using a voluntary patient identifier is that it would allow you or me to map our number to the master patient index numbers of numerous organizations and enterprises, based on our consent. This would mean that we could send our data over the Internet anonymously, and be "recognized" without names, addresses, dob, etc. attached to it, if we wished to.

It's all about which perspective you need/want to take: are you the individual knocking on the door, or the organization on the other side of the door?

Hope this is helpful, DCK

Thanks, quite helpful. I understand that organizations probably do assign an number internally, but hadn't thought of the benefits of partial anonymity using numbers outside the system.

I do wonder how it would work, as when I use a credit card I do give out some other identifying information so the billing system knows I'm the rightful owner of the card. Maybe an OpenID type of implementation (which I admit not to know much about.)

The pdf you cite was not available this morning.

Thanks for the blog!

Try this link: http://www.google.com/url?sa=t&ct=res&cd=5&url=http%3A%2F%2Fwww.louhie.org%2FDownloads%2Fa_voluntary_approach_can_sol_130987.pdf&ei=MPA5R-PoA5nahQPo38iJCw&usg=AFQjCNFXyKf24-j3W-awc4Fpp9T3tZ7YvQ&sig2=TCVKWKfpj1N9wH2EwxWhKQ

You may want to look at the work that Doc Searls and others are doing around Vendor Relationship Management (VRM) as they have been thinking a lot about identity issues, but nobody there has real healthcare expertise and that is the "elephant in the room" when it comes to online identity, trust and privacy issues.
http://cyber.law.harvard.edu/projectvrm/Main_Page

ah, good, fresh, intelligible, sane stuff on identity issues in health care, that actually proceeds from the real needs involved. Somewhere Clay Shirky is smiling....

And I would be too, if one of the versions of the URL posted for Barry Heib's white paper were to begin working.

acck, Dr Hieb, wherever you are, my apologies for my spelling....

Colleagues: I received this message from Barry Hieb just today:

I am currently engaged in a project to implement a Voluntary Universal Healthcare Identifier (VUHID, “view-hid”) system based on ASTM standards E1714 and E2553. The system is a voluntary system that will issue both public and private (anonymous) healthcare identifiers at no charge upon request by a patient. See http://vuhid.org for a moderately comprehensive description of the system and how it will function. We currently hope to have the system operational some time around the middle of 2008. Historically there have been numerous barriers to the implementation of such a system including cost, technical issues, lack of national consensus, federal legislation prohibiting funding for such an effort, (legitimate) privacy concerns, and the improbability of being able to pull off a ‘big bang’ implementation. We believe that the design of the current VUHID project avoids or eliminates all of these objections. In particular, we believe that the privacy community will come to support this effort as substantially improving privacy over our current situation while avoiding the privacy risks that would be associated with the creation of any national database of demographic or clinical information. I would be most interested in receiving analysis, thoughts, and feedback at barry.hieb@gartner.com once people have had an opportunity to study our proposal.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Hey there! Welcome to the official Health 2.0 Blog. A community blog for and by the Health 2.0 community.

What people are saying

"What we heard today was to me something like the mobile phone system; it kind of snuck in quietly. It didn't say it was going to replace the landline phones. It just appeared."

-- Esther Dyson

On the site

About us
Defining Health 2.0
Contributor policies & FAQ
Media Coverage
Startup Registration Contact Us
Archives
Advertise

User-generated content
Get involved. Join the conversation!

Calendar
Health 2.0 NE Mixer
January 23, 2008
Boston

Health 2.0: Connecting Providers and Consumers
March 3-4 2008 San Diego

Health 2.0 DVD Set
Catch all of the action from Health 2.0 San Francisco in this limited-edition DVD box set!

Health 2.0 sites

Official Health 2.0 site
The Health 2.0 Wiki

Health 2.0 Updates
Sign up for free semi-weekly updates of new content and links to important new healthcare business and technology stories.

Health 2.0 on Facebook

Come join our active and growing Facebook group! Centering on the Health 2.0 Conference, it's one of the easiest ways to keep in touch, share content, and contribute to the discussion.

Health 2.0 Blog roll

THCB
The Doctor Weighs In
Health Populi
Diabetes Mine
Adam Bosworth
Health Care Law Blog
Google Public Policy Blog

Health 2.0 Company Blogs
Crossover Healthcare
Enurgi Blog
The Health Wisdom Blog
change: healthcare
Revolution Health
Kosmix Blog
Trusera

Feed IconSubscribe!
Health 2.0
Sponsored by

Featured Posts

People Who Need People Use Social Media
By Jane Sarasohn Kahn

Health 2.0 and Identity
By David Kibbe MD MBA

Healthcare Open Source and Community
By Paul Biondich

38 sites....
By Matthew Holt

Consumer Access Practices for Networked Health Information
By David Kibbe MD MBA

More Featured Posts

UnitedHealth Customers Speak
By Miriam Bookey

Dyson, Kibbe Join Advisory Board
By Matthew Holt

Rating Doctors Like Restaurants
By Bob Wachter

Personal Genome Management
By Matthew Holt

The Sparse Information Model
By David Kibbe MD MBA

Health 2.0
a Broad Vision
By Brian Klepper and
Jane Sarason Kahn

Health 2.1
By Esther Dyson

Health 2.0 Note
By David Kibbe

An accelerator
for Health 2.0

By Marty Tenenbaum