Journal of AHIMA - June 2011

Limiting the Use of the Social
Security Number in Healthcare

AHIMA Compendium http://compendium.ahima.org Throughout this brief, sentences marked with the † symbol indicate AHIMA best practices in health information management. These practices are collected in the new AHIMA Compendium, offering health information management professionals “just in time” guidance as they research and address practice challenges.

WITH ITS UNPRECEDENTED funding to support the effective implementation of health IT and health information exchange (HIE), the American Recovery and Reinvestment Act of 2009 has given new urgency to the need for a national health identifier. Because no unique personal identifier has been established, many providers have defaulted to the Social Security number (SSN) as a unique identifier. This practice brief outlines the importance of accurate pa- tient identification. It also provides guidance on limiting the use of the SSN in patient identification practices and outlines the unique identifier option.

The Importance of Patient Identification

Today, a single patient is likely to have a different identifier for every provider and organization from which he or she has received treatment. These multiple identifiers lead to inefficien-cies along the continuum of care, including fragmented health records. In addition, confusion between the terms “personal identifier” and “ID set” can lead to inaccuracies.

A personal identifier is meant to describe a single attribute associated with an individual. In the absence of a personal identifier, a set of multiple attributes can be used to improve the accuracy of identification.

The process of accurately identifying patients is critical, because errors in identification can affect clinical decision making and patient safety, create risk to a patient’s privacy and security, and result in duplicate tests and increased costs to patients, providers, and payers. In addition, one organization’s patient identification errors will multiply exponentially within a health information exchange network.

Organizations therefore must develop, implement, and maintain practices that support accurate patient identification, including the following:†

x Obtain copies of a government-issued picture identifica-
tion (such as a driver’s license, passport, or official identity
card) and insurance card each time a patient registers
x Develop a customer-friendly script for requesting patient
identification and verification information
x Define a set of attributes that will be used consistently for
patient identification
x Build effective business processes and quality checks
with clear standards, policies, and procedures into pa-
tient identification activities

x Improve the accuracy of patient matching by collecting
additional data elements such as mother’s maiden name
HIPAA attempted to streamline patient identification by re-
quiring organizations create a unique health identifier for every
patient. However, in 1998 political and privacy concerns caused
Congress to include a section in the Omnibus Appropriations
Act that prohibits the Department of Health and Human Ser-
vices from using federal funds to implement the unique health
identifier requirement “until legislation is enacted specifically
approving the standard.”
In the ensuing 13 years, technology has advanced dramatical-
ly, and many of the privacy concerns surrounding the unique
health identifier now can be addressed with technology and
sound business practices underpinned by federal and state
regulation.

Patient Identification’s Effect on Data Integrity

EHR functionality, links within health systems, data sharing within a regional HIE, and the Nationwide Health Information Network all depend on the integrity of patient ID data. Accurate patient ID data are the basic building blocks of true interoperability. However, as data sharing increases, the integrity of the patient ID data decreases. In fact, systems with local controls often have more reliable ID data. Reliability decreases as a system expands to include multiple entry points, systems, and users. The growth of a system correlates directly with the increased risk to the accuracy of its data.