HIT Policy CommitteeHIT Policy CommitteePrivacy and Security Tiger TeamPrivacy and Security Tiger Team

Deven McGraw, Chair

Paul Egerman, Co-Chair

Summary of 12/9 Hearing on Patient Matching

December 13, 20101

Tiger Team Members

2

• Deven McGraw, Chair, Center for Democracy & Technology

• Paul Egerman, Co-Chair

• Dixie Baker, SAIC

• Christine Bechtel, National Partnership for Women & Families

• Rachel Block, NYS Department of Health

• Neil Calman, Institute for Family Health

• Carol Diamond, Markle Foundation

• Judy Faulkner, EPIC Systems Corp.

• Leslie Francis, University of Utah; NCVHS

• Gayle Harrell, Consumer Representative/Florida

• John Houston, University of Pittsburgh Medical Center

• David Lansky, Pacific Business Group on Health

• David McCallie, Cerner Corp.

• Wes Rishel, Gartner

• Latanya Sweeney, Carnegie Mellon University

• Micky Tripathi, Massachusetts eHealth Collaborative

• Adam Greene, Office of Civil Rights

• Joy Pritts, ONC

• Judy Sparrow, ONC

Testifiers

• Barbara Demster, Chair, HIMSS Patient Identity Integrity Workgroup & Consultant• Scott Whyte, Senior Director of Physician and Ambulatory IT Strategy, Catholic

Healthcare West• Shaun Grannis, Director and Principal Investigator for the Indiana Center of Excellence in

Public Health Informatics, Regenstrief Institute• Brad Malin, American Medical Informatics Association/AMIA• Garland Land, National Association for Public Health Statistics and Information Systems• Sara Temlitz, Data Quality Business Product Manager, Veterans Health Administration• Paul Oates, Senior Enterprise Architect, CIGNA (National Health Plan)• Dr. Scott Schumacher, Chief Scientist, IBM Software Group• Rich Elmore, Vice President of Strategic Initiatives, Allscripts • Mark Gingrich & Paul Uhrig, Surescripts• Ken Tarkoff, Senior Vice President/General Manager, Relay Health• Sean Nolan, Chief Architect and General Manager for the Health Solutions Group,

Microsoft• Laurence Castelli, Privacy Officer, Customs & Border Protection, Department of

Homeland Security • Timothy Boomershine, Fair Isaac/FICO (Finance)

3

Proposed Questions

1. What level of accuracy should be established for patient matching (i.e., matching patients to their data)?

2. What standards, if any, might need to be established to assist with patient matching?

3. Are there best practices that should be recommended to assist with patient matching?

The focus of today’s presentation will be common themes that emerged from the 12/9 hearing. We will present recommendations at a subsequent Policy Committee meeting.

4

False Positives and Negatives Used in Patient Linking

Clinical information not linked, patient has duplicate records

Clinical information assigned to the wrong patient5

The records in reality belong to:

Different people

Same person

Result from matching

Different people

Correct result False negative

Same person False positive Correct result

Clinical information assigned to the wrong patient

Clinical information not linked, patient has duplicate records

Common Themes

• Accurate patient linking has a number of benefits, including potential for improved patient outcomes, patient safety, greater efficiency, improved fraud detection, promoting data integrity, and reduced inappropriate data exposure.

6

Common Themes (cont.)

• Achieving greater accuracy in linking is a challenge– Cannot achieve perfection– Not just a technology problem – there is a significant human

component– Poor data quality (both accuracy and completeness)

significantly inhibits ability to accurately match– No one-size-fits-all solution – acceptable margins of error vary

based on purposes, populations and settings– Data linking challenges increase as data gets further removed

from the source, and when more sources of data are introduced

– Universal identifiers could be helpful but are not a panacea

7

Possible Areas of Recommendation

• Broaden scope – ultimately about data quality; about consumers and not just “patients”

• Measurement of data quality/patient identification accuracy by source organizations - create internal culture of improvement

• Standards – such as required use of existing demographic data fields and formats, minimum set of patient demographics

• Development and dissemination of best practices in improving data quality and matching accuracy

8

Possible Areas of Recommendation

• Transparency

– Re: algorithms

– Re: matching rates

• Accountability mechanisms, addressing liability concerns

• Developing evidence base re: what works

• Role of consumers in improving data quality

• Propagating corrections

9

AppendixAppendix

10

Applicable Law: Other

• HIPAA Privacy Rule – Minimum Necessary Standard– Requires evaluation of practices and safeguards to limit

unnecessary or inappropriate access to and disclosure of PHI

• HIPAA Privacy and Security Rules – Include a generic provision of assuring the right data is

associated with the right person

12