The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Time to Stop Blocking a National Patient Identifier System

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was signed into law and one of its requirements was for the Department of Health and Human Services (HHS) to develop a national patient identifier system. Under such a system, every person in the United States would be provided with a unique permanent ID number that would allow them to be tracked across the entire U.S. health system, not for any form of control, government interference in healthcare, or any other nefarious purpose, but to address a pressing public health and safety issue: To ensure patients can be reliably and accurately connected with their health information. 27 years later and we are no closer to a national patient identifier than we were in 1996.

The reason for the lack of action goes back to 1998, when Representative Ron Paul (R-TX) introduced a ban on the HHS developing a national patient identifier system by ensuring no funding was provided by Congress for that purpose. Language has been included in every appropriation bill since then that prevents any funding from being given to the HHS to use for that purpose. In 2019, Senator Rand Paul (R-KY), son of Rep. Ron Paul, tried to take this a step further by introducing a bill that sought to remove the national patient identifier provision from HIPAA entirely, although the effort did not succeed. Then in 2021, House and Senate appropriators removed the language from the appropriations bill – a move widely applauded by many healthcare stakeholder groups – to allow this long-standing issue to be addressed and permit the HHS to start exploring potential methodologies for introducing a national patient identifier.

Later that year, Sen. Rand Paul wrote to Senate appropriators requesting the reintroduction of the language into the appropriations bill, then – along with Senator Marsha Blackburn (R-TN) – introduced the National Patient ID Repeal Act; standalone legislation calling once again for the provision to be stripped from HIPAA. The bill was not passed, but Sen. Rand Paul’s advocacy helped ensure that the funding ban was reintroduced.

While there has been no progress on a national patient identifier, identifiers have been developed and implemented for employers, health plans, and healthcare providers and, in 2015, Congress passed the Medicare Access and CHIP Reauthorization Act, which saw the introduction of Medicare Beneficiary Numbers (MBNs) for Medicare beneficiaries, which has been a success. MBNs removed the need for Social Security numbers to be used as identifiers on Medicare cards . A national patient identifier would similarly remove the need for SSNs to be provided when registering with healthcare providers, which would help to reduce the harm caused by healthcare data breaches.

Get the FREE
HIPAA Compliance Checklist

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

The Mismatching of Patient Records is a Common and Serious Patient Safety Issue

The primary reason for introducing a national patient identifier system was to ensure patients could be accurately matched with their healthcare information, no matter where in the country they sought healthcare. Such a system would ensure an individual’s healthcare data could not be mismatched with another individual, which was a problem in 1996 and remains a serious patient safety issue today. Each year, the Joint Commission publishes a list of National Patient Safety Goals. and top of the list for 2023, as has been the case for several years, is the correct identification of patients. A national patient identifier could solve this important patient safety issue.

The lack of a universal patient identifier results in duplicated medical records. If a patient visits a healthcare provider and their records cannot be found, a new medical record is created, resulting in the patient’s records being split between two different records. Important information about the patient will be missing from their records, which could include information vital to ensuring that patient’s safety. Patient mismatching often results in repeated, medical tests, which can delay care and cause patients to incur unnecessary costs. There can, of course, be far more serious consequences from the mismatching of patient records, such as medication mix-ups, transplant errors, and catastrophic delays to care resulting in loss of life. These are not uncommon events and occur repeatedly throughout the healthcare system.

The problem of incorrectly identifying patients and mismatching records was exacerbated during the pandemic when thousands of duplicate records were created in the rush to get the population vaccinated. There were many cases of patients being unable to get COVID vaccines as their medical records stated – through mismatching with similarly named patients – that they had already received the vaccine. Misidentification and duplicate health records also caused disruptions to the registration process and vaccine availability at provider sites, hampering efforts to ensure rapid vaccination of the population. When the next pandemic hits, the same problems will likely be experienced again.

In 2020, the Patient ID Now Coalition was founded, an advocacy group whose founding members include the American College of Surgeons, AHIMA, CHIME, HMMS, Intermountain Healthcare, and Premier Healthcare Alliance. Patient ID Now is attempting to build bipartisan momentum to support accurate patient identification by removing the legislative barriers that are preventing the development of a national patient identifier system. Patient ID Now believes the creation of a national patient identifier is one of the most important patient safety issues to address.

Patient ID Now provided an example of the devastating consequences of mismatching patient records. A woman visited her physician who arranged for her to have a mammogram; however, she never received the results. She mistakenly assumed that she was not contacted about the results because nothing bad was found, when the reality was the mammogram results had been mismatched with a patient who shared the same name. The mismatching was only identified when she mentioned the mammogram to her physician during an annual check-up. The mammogram showed she had cancer, and the one-year delay in receiving treatment had allowed the cancer to progress to the point where it was terminal.

This is far from an isolated example. A January 2019 Government Accountability Office Report found that matching patients with the right records was an incredibly common problem. 45% of large hospitals reported experiencing difficulty with accurately identifying patients. CHIME estimates that matching records within hospitals can be as low as 80%, which means 1 in 5 patients may not be matched with their entire medical records. Further, the matching rate may be even lower between organizations that share the same EHR vendor, dropping to just 50%. AHIMA reports that inaccurate patient identification results in $1,950 in duplicative medical care costs per inpatient and causes $1.5 million in denied claims each year.

Why Does the Funding Ban Continue?

A national patient identifier can help to prevent medical errors, save lives, and cut costs, and also has other benefits. A national patient identifier would support clinical and public health research and population health initiatives, which would help with the transition from fee-for-service to value-based care, and that would benefit patients, providers, payers, and the country as a whole. So, what are the main reasons why the funding ban continues?

One of the most commonly cited arguments against the introduction of a National Patient Identifier, and one that has been often stated by Sen. Rand Paul, is to stop government involvement in an individual’s healthcare. “As a physician, I know firsthand how much the doctor-patient relationship relies on trust and privacy, which would be undermined by a National Patient ID,” said Sen. Rand Paul when introducing the National Patient ID Repeal Act in 2021. He explained that the move to strip this provision from HIPAA was to “prevent the government from centralizing patients’ personal health records or interfering with their medical decisions,” and warned that removing the ban “would open the floodgates for a government-issued ID to be linked with the private medical history of every man, woman, and child in America.”

Sen. Blackburn, who supported the bill, said, “The federal government has no right to dictate individual medical decisions or gain access to your private medical records. The existing National Patient ID sets a dangerous precedent for Big Brother to exert even more control over your life, and it is paramount that we prevent the Biden administration from creating it.” It has also been suggested that creating a “cradle-to-grave medical record” would allow individuals’ entire medical records to be used to conduct medical research without consent, although the HIPAA Privacy Rule prevents such uses and disclosures without consent, and there is no reason why additional safeguards could not be introduced with a National Patient Identifier system.

Another argument often put forward is a national patient identifier would make it easier for nation-state actors to steal patient data. “Now, more than ever, it is crucial to protect Americans’ genetic information from theft by foreign actors like China,” said Sen. Rand Paul when introducing the National Patient ID Repeal Act. While these are valid concerns, it is worth bearing in mind that big tech companies and data brokers are already compiling huge amounts of incredibly personal data on individuals, including health information, and are using and selling that information without restriction. Companies such as AncestryDNA and 23andMe (and many others) provide hugely popular services to the public that involve sequencing DNA, and these companies are not even bound by the protections of HIPAA.

It is also important to point out that healthcare data theft is a problem without a national patient identifier. As of January 31, 2023, more than 383 million healthcare records have already been stolen along with identifiers such as Social Security numbers. If a healthcare-only identifier was introduced, patients would not have to disclose their Social Security numbers to their healthcare providers, thus helping them to protect themselves against identity theft and fraud. While it has been suggested that patient trust could be lost due to a national patient identifier, a system could be set up akin to the credit monitoring system, and patients would be able to monitor access to their healthcare data and see exactly who accesses it and for what reason.

National Patient Identifiers Have Been Successfully Introduced in Many Developed Countries

A national patient identifier has been introduced in many developed countries with great success and has helped to eliminate patient misidentification. For instance, in the United Kingdom, all patients are issued with a unique National Health System ID number, which allows patients to be matched with their medical records no matter where they receive healthcare through the NHS system. Sure, if the NHS is hacked, then entire medical records could be stolen, but in the UK, it is seen as far more important to ensure patient safety by correctly matching patients with their entire medical records than any potential risks of worries about government control.

While there are clear benefits to a national patient identifier – which I feel far outweigh any negatives – introducing such a system is not without problems, one of the biggest is the cost. which has been estimated to be in the region of $1.5 billion and $11.1 billion, and there will undoubtedly be challenges in implementing any such system.

Removing the appropriations bill language will at least allow the HHS to start exploring how a national standards-based system could be introduced to ensure patients can be accurately matched with their medical records and start obtaining feedback from stakeholders on potential methodologies. Surely, it would be better to actively address the pressing public health and safety issue of mismatched patient records, than to keep rejecting the idea due to outdated fears about the government controlling individuals’ healthcare decisions.

Steve Alder, Editor-in-Chief, HIPAA Journal

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.


Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist