HIT Policy Committee Privacy and Security Tiger Team

Deven McGraw, Chair Paul Egerman, Co-Chair

Summary of 12/9 Hearing on Patient Matching December 13, 2010

Tiger Team Members
‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ Deven McGraw, Chair, Center for Democracy & Technology Paul Egerman, Co-Chair Dixie Baker, SAIC Christine Bechtel, National Partnership for Women & Families Rachel Block, NYS Department of Health Neil Calman, Institute for Family Health Carol Diamond, Markle Foundation Judy Faulkner, EPIC Systems Corp. Leslie Francis, University of Utah; NCVHS Gayle Harrell, Consumer Representative/Florida John Houston, University of Pittsburgh Medical Center David Lansky, Pacific Business Group on Health David McCallie, Cerner Corp. Wes Rishel, Gartner Latanya Sweeney, Carnegie Mellon University Micky Tripathi, Massachusetts eHealth Collaborative Adam Greene, Office of Civil Rights Joy Pritts, ONC Judy Sparrow, ONC 2

‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ Barbara Demster, Chair, HIMSS Patient Identity Integrity Workgroup & Consultant Scott Whyte, Senior Director of Physician and Ambulatory IT Strategy, Catholic Healthcare West Shaun Grannis, Director and Principal Investigator for the Indiana Center of Excellence in Public Health Informatics, Regenstrief Institute Brad Malin, American Medical Informatics Association/AMIA Garland Land, National Association for Public Health Statistics and Information Systems Sara Temlitz, Data Quality Business Product Manager, Veterans Health Administration Paul Oates, Senior Enterprise Architect, CIGNA (National Health Plan) Dr. Scott Schumacher, Chief Scientist, IBM Software Group Rich Elmore, Vice President of Strategic Initiatives, Allscripts Mark Gingrich & Paul Uhrig, Surescripts Ken Tarkoff, Senior Vice President/General Manager, Relay Health Sean Nolan, Chief Architect and General Manager for the Health Solutions Group, Microsoft Laurence Castelli, Privacy Officer, Customs & Border Protection, Department of Homeland Security Timothy Boomershine, Fair Isaac/FICO (Finance)

Proposed Questions
1. What level of accuracy should be established for patient matching (i.e., matching patients to their data)? 2. What standards, if any, might need to be established to assist with patient matching? 3. Are there best practices that should be recommended to assist with patient matching?

The focus of today¶s presentation will be common themes that emerged from the 12/9 hearing. We will present recommendations at a subsequent Policy Committee meeting.

False Positives and Negatives Used in Patient Linking

The records in reality belong to: Different people Different people Same person Correct result False positive Same person False negative Correct result
Clinical information not linked, patient has duplicate records

Result from matching

Clinical information assigned to the wrong patient


Clinical information not linked, patient has duplicate records Clinical information assigned to the wrong patient

Common Themes
‡ Accurate patient linking has a number of benefits, including potential for improved patient outcomes, patient safety, greater efficiency, improved fraud detection, promoting data integrity, and reduced inappropriate data exposure.


Common Themes (cont.)
‡ Achieving greater accuracy in linking is a challenge
± Cannot achieve perfection ± Not just a technology problem ± there is a significant human component ± Poor data quality (both accuracy and completeness) significantly inhibits ability to accurately match ± No one-size-fits-all solution ± acceptable margins of error vary based on purposes, populations and settings ± Data linking challenges increase as data gets further removed from the source, and when more sources of data are introduced ± Universal identifiers could be helpful but are not a panacea


Possible Areas of Recommendation
‡ Broaden scope ± ultimately about data quality; about consumers and not just ³patients´ ‡ Measurement of data quality/patient identification accuracy by source organizations - create internal culture of improvement ‡ Standards ± such as required use of existing demographic data fields and formats, minimum set of patient demographics ‡ Development and dissemination of best practices in improving data quality and matching accuracy

Possible Areas of Recommendation
‡ Transparency
± Re: algorithms ± Re: matching rates

‡ Accountability mechanisms, addressing liability concerns ‡ Developing evidence base re: what works ‡ Role of consumers in improving data quality ‡ Propagating corrections



Applicable Law: Universal Patient Identifier
‡ 1999 Public Law 105-277 prohibited HHS from using any of its appropriated funds to promulgate or adopt any final standard providing for, or providing for the assignment of, a unique health identifier of an individual until legislation is enacted specifically approving the standard. Therefore, HHS is constrained from implementing a unique health identifier while this language is in effect.


Applicable Law: Other

‡ HIPAA Privacy Rule ± Minimum Necessary Standard
± Requires evaluation of practices and safeguards to limit unnecessary or inappropriate access to and disclosure of PHI

‡ HIPAA Privacy and Security Rules
± Include a generic provision of assuring the right data is associated with the right person


Sign up to vote on this title
UsefulNot useful