Tuesday, November 15, 2016

No Thanks, I Already Have a Number

Health care has a problem.  Well, of course, it has many problems, but one of them is that the various parties involved in the health care system can't agree on who we are.   Twenty years ago HIPAA called for creation of unique patient identifiers to accomplish this task, but within two years Congress put this on hold until further notice, and we're still waiting.

Everyone used to use social security numbers for this purpose, until we finally figured out the folly of that (especially since that number was never intended to be used as a national identification number).  The private sector continues to clamor for federal action, while CHIME launched a National Patient ID Challenge in order to come up with solutions.

News flash; we already have a unique, non-government-issued identifier: it's called a cell phone number.

It's obvious why we want a universally accepted patient identifier.  Providers and insurers have to agree on who you are to exchange claims and payments.  Different providers have to agree on who you are if we're ever going to get to interoperability of health information.  Andrew Gettinger, the chief medical information officer, views the unique identifier as a crucial safety measure -- he prefers the term "individual safety indentifier."  As he said at the AHIMA 2016 conference:
Until we can consistently identify who our patients are, aggregate their information regardless of where it’s stored and allow clinicians to use that information in their patient care, we’re going to continue to struggle.  Right now, folks at Google know more about our medical information than the doctors and nurses caring for you.
We can't/shouldn't use social security numbers, and not everyone has a drivers license number.  Health insurance numbers change whenever you change insurers, or even stay with the same insurance company but change employers.  What to do?

Thus the cell phone number.

According to the Pew Research Center, in 2015 92% of U.S. adults had a cell phone (almost three-fourths of which were smartphones, by the way).  That's not everyone, but not everyone has a social security number either.  When you do business with almost any organization these days, you are likely to be asked to provide your email and cell number number.

The New York Times reported on how the cell phone numbers have already become a widespread identifier.  As a security consultant told them, it has become "kind of a key into the room of your life and information about you."  It may be linked to even more information about you than your social security number, leading Robert Schoshinski, the assistant director for privacy and identity protection at the FTC, to say: "The point is the cellphone number can be a gateway to all sorts of other information.  People should think about it."

As The Times pointed out, there are no legal requirements for companies who have your cell phone number to keep it private, unlike protected health information (PHI).  To be fair, they also noted how poorly protected social security numbers have been as well, leading to billions of dollars in annual fraud losses.  With cell phones, though, hackers have shown that, once they have your number, not only can they link you to various databases, but they can also listen to your phone calls, read your texts, even track your location.

However, it's not all bad news.  You can lock your phone or change your number if you think your cell phone number has been breached.  A former deputy director of the Consumer Financial Protection Bureau offered hope, telling The Times: "What you can do with the cellphone number and mobile technology represents a pretty substantial advantage in the ongoing war against fraud and identity theft."

Let's look back at the CHIME challenge guidelines.  The proposed solution has to:
  • Easily and quickly identify patients
  • Achieve 100% accuracy in patient identification
  • Protect patient privacy
  • Protect patient identity
  • Achieve adoption by the vast majority of patients, providers, insurers, and other stakeholders
  • Scale for usage in care settings across the country, regardless of size
If we were to get legislation protecting the privacy of our cell phone numbers -- as we should be demanding for a variety of reasons anyway -- then are there any of these criteria that cell phone numbers don't meet?

Like it or not, our cell phones are becoming our lifelines to the world, including but in no way limited to health.  Health care might as well acknowledge that fact, the way that most other industries are already starting to.  You can send money to someone using just their cell phone number; why not file a claim or link electronic records?

Don't want to use your cell phone number as your identifier?  OK, get a free Google Voice number, or use an app like Sideline to add a free second number to your existing mobile phone.

Your cell phone itself may already be more of an identifier than we realize.  New research at the University of California San Diego School of Medicine claims that the molecules we leave behind on our phones can create surprisingly detailed "lifestyle sketches" about us.  They see the technique as a new forensic technique, allowing law enforcement officials to help identity people, but they also see health care applications like monitoring medication adherence or how well someone is metabolizing new prescriptions.

While the technique is far from perfect, and not as precise as DNA or even fingerprints, lead author Pieter Dorrestein told The Wall Street Journal that in their test on 39 participants, "We got 90% of the people correctly identified based on the chemistry of the phone."

It kind of makes worrying about using our cell phone numbers as an identifier seem trivial.

It will be interesting to see what creative solutions result from the CHIME Challenge, or if Congress will finally allow HHS to develop a solution.  Either way, the solution is likely to introduce yet another number in our life, and one that may come freighted with the burden of being a "federal ID."  Adoption will take time, as the numbers would have to be issued, systems updated to store the number, and protocols developed to communicate with it.

Meanwhile, most systems even in health care already can and probably do store our cell phone numbers.  It'd be just like health care to develop an expensive new solution to a problem.  For once, could we go the obvious route?


No comments:

Post a Comment