Journal of AHIMA - June 2011

address these concerns. According to Barry Hieb, MD, chief scientist for Global Patient Identifiers, “One of the strongest reasons to adopt a uniform healthcare identifier is its ability to support privacy through the use of anonymous identifiers and anonymized data sets. This promises to enable a new era of patient control of the privacy of their clinical information through the creation of a standardized method to segregate and anonymize information in support of confidentiality and privacy.” 6

Various options to verify selection of a patient by using extended information are:

x Universal identifier x Health system–specific medical record number x Third-party payer-specific ID x Biometric identifier

Best Practices for Limiting SSN Use

Current identity theft concerns, overuse of the SSN, attempts to curtail SSN use, and potential database security risks make a sound argument as to why the SSN is not acceptable as a patient identifier. However, the SSN historically has been collected as an adjunct constant for ID and in some cases actually used as the medical record number.

A RAND study provides additional support in limiting the use of SSNs in healthcare by reporting that “the most likely causes of false-positive errors are data-entry errors and use of an insufficient number of attributes in a statistical search for matches… Larger health record databases, such as those of a national or large regional network, almost certainly require a unique identifier to avoid false-positive errors.” 7

Many facilities already have made major conversions to limit SSN use and even eliminate its collection. Many major health plans have eliminated the need to collect it as systems are converted and patient identifications processes strengthened.

Realistically, it will take decades to cycle the SSN out of healthcare. In the meantime, organizations should take the following recommended steps to manage its use:†

x Organizations that are not currently using the SSN for
identification purposes should not begin to do so.
x Organizations that collect the SSN for identity and record-
linking purposes should establish a conversion plan to
eliminate its collection and use. They should develop and
train employees in other matching methods to reduce the
organization’s dependence on the SSN during the conver-
sion process.
x Organizations that use the SSN for patient identification
should limit its display to the minimum number of docu-
ments and screens necessary to accomplish its business
use. They should further limit its display to the minimum
number of digits necessary. ¢

Notes

1. Social Security Administration, Office of the Inspector General. “The Realities We Face: Continuity Amid Change. April 1, 2004 thru September 30, 2004.” Semian-

Practice Brief

nual report to Congress. www.ssa.gov/oig/ADOBEPDF/ sar042004102004.pdf.

2. O’Carroll, Patrick. Testimony before the Subcommittee on Social Security of the House Ways and Means, July 10, 2003. http://ftp.resource.org/gpo.gov/hearings/108h/99677.txt.

3. Privacy Rights Clearinghouse. “Fact Sheet 10: My Social Security Number—How Secure Is It?” www.privacyrights. org/fs/ fs10-ssn.htm#4.

4. Hildebrand, Richard, James H. Bigelow, Basit Chaudhry, et al. “Identity Crisis: An Examination of the Costs and Benefits of a Unique Patient Identifier for the U.S. Health Care System.” 2008. www.rand.org/pubs/monographs/MG753. html.

5. Anderson, Howard. “The Problems with Patient Identifiers.” January 29, 2010. www.healthcareinfosecurity.com/ articles.php?art_id=2071.

6. Hieb, Barry. “A Cost Effective Method to Create a Universal Healthcare Identifier System.” Electronic Journal of Health Informatics 5, no. 1 (2010). www.ejhi.net/ojs/index.php/ ejhi/issue/view/8.

7. Hildebrand, Richard, James H. Bigelow, Basit Chaudhry, et al. “Identity Crisis: An Examination of the Costs and Benefits of a Unique Patient Identifier for the U.S. Health Care System.”

References

AHIMA. “Managing the Integrity of Patient Identity in Health Information Exchange.” Journal of AHIMA 80, no. 7 (July 2009): 62–69. Available in the AHIMA Body of Knowledge at www.ahima.org.

AHIMA. “Reconciling and Managing EMPIs (Updated).” Journal of AHIMA 81, no. 4 (Apr. 2010): 52–57. Available in the AHIMA Body of Knowledge at www.ahima.org.

Comcast Finance. “Your Social Security Number May Not Be Unique to You.” August 13, 2010. www.comcast.net/finance/ for whatitsworth/5891263yoursocialsecuritynumbermayn otbeuniquetoyou/.

Dimick, Chris. “Exposing Double Identity at Patient Registration.” Journal of AHIMA 80, no. 11 (Nov/Dec 2009): Web extra. Available in the AHIMA Body of Knowledge at www.ahima.org.

Dimitropoulos, Linda L. “Privacy and Security Solutions for Interoperable Health Information Exchange: Perspectives on Patient Matching: Approaches, Findings, and Challenges.” June 30, 2009. www.rti.org/pubs/fip_execsumm.pdf.

E-HIM Work Group on Patient Identification in RHIOs. “Surveying the RHIO Landscape: A Description of Current RHIO Models, with a Focus on Patient Identification.” Journal of AHIMA 77, no. 1 (Jan. 2006): 64A–D. Available in the AHIMA Body of Knowledge at www.ahima.org.