The importance of patient and resident identity management has grown exponentially as healthcare undergoes a digital transformation. Healthcare organizations (HCOs) are extending patient identity and associated attributes across their organizations for the purpose of linking all patient-related information required for clinical management. There is a marked focus on moving patient identity across organizational boundaries into data sharing initiatives such as business intelligence, population health, wellness and health information exchange.
Patient/resident identity in these systems must be trusted and accurate. Without integrity, there is potential for errors in the medical diagnosis, patient treatment, patient intake and billing processes.
Health Information Exchanges
An illustration that showcases the importance of patient identity is the use of health information exchanges (HIE). An HIE digitally moves clinical information among disparate healthcare information systems. It supports the goal of facilitating information handoffs between healthcare providers during transitions of care. Appropriately matching patient identity and integrating it within the HIE ensures the caregiver will receive an accurate record.
To appreciate the complexity, consider the transitions of care associated with a typical patient journey. A patient visits her primary care provider (PCP) for a routine visit. The provider queries her electronic health record (EHR) and administers care. The patient is then referred to a specialist for consultation. The specialist creates a record in their practice EHR and diagnoses a condition that requires surgery. The patient is admitted to the surgical hospital. During patient registration, the patient is added to yet another EHR. The patient then returns to follow-up care by the PCP.
At each transition point, a unique EHR was used with a unique patient identity and set of associated attributes. In advanced scenarios, each EHR then moves this information into the HIE. The next provider in the journey can view the treatment activities though the HIE.
For the HIE to provide value, integrity is paramount. HIE is supplied by source systems that create master patient index records. Without trust, security and accuracy, there is the potential for the HIE to provide incorrect information, impacting quality and safety. Incorrect information can also negatively impact the revenue cycle.
Patient identifiers are sensitive information governed by federal regulations such as HIPAA and various state laws. These regulations coupled with the complexity of HCO business relationships, dated regulations, data flows and aging IT systems, create an environment where it is increasingly difficult to enforce regulatory compliance and manage risk.
For the effective management and security of patient identifiers, HCOs must take a programmatic approach to managing their confidentially, integrity and availability. The approach must integrate multiple business functions that include disciplines such as master data management, enterprise architecture, application management, infrastructure, security, privacy and compliance.
This is how we are tackling the challenge at Texas Health Resources. We are taking a programmatic approach to help ensure a strong organizational framework that includes policies, standards and procedures. These articulate the importance of maintaining the confidentiality, integrity, accuracy, and availability of patient identifiers and associated attributes. We are modifying security architectures that were originally designed to protect data within the walls of our organization.
Architecture now accounts for data being securely shared outside traditional organizational boundaries. With this transformational shift, we are helping ensure that our contractual relationships with service providers contain the appropriate language and technical safeguards. Our goal is to take this complexity and make it simple for the clinician and patient.
One area seeing increased emphasis related to patient identity is the deployment of biometric systems such as palm vein scanners. These emerging technologies have the potential to improve security, increasing patient identity trust, internally and externally. We should embrace these.
Patient identity management holds the promise for the future. Managed poorly, lack of data integrity and loss of trust will cause clinicians to abandon the progress made on this digital journey. Managed well, we will see accelerated adoption and acceptance of EHR and HIE and other emerging technologies. The net cumulative effect will be increased quality of care and patient safety and greater efficiencies in revenue cycle management. Effective patient identity management is a foundational building block in the era of accountable care.
Edward Marx is chief information officer, and Ronald Mehring is director of information security, Texas Health Resources.