HIMSIG20080307
Liberty Alliance Project
HIM SIG
March 7, 2008
11:00am-12:00pm (EST)
Conference Call
Meeting Notes
Author: Kurt Kolok
Attendance:
John Fraser, MedNet (Co-Chair)
Pete Palmer, Wells Fargo (Co-Chair)
Gail Reynolds, Aetna
Matt Madison, CORHIO
Rick Moore, eHealth OHIO
Lena Kannappan, Fugen Solutions
Barry Hieb, Gartner
Dan Combs, Global Identity Solutions
Bob Pinheiro, Individual Contributor
Adrian Gropper, Medcommons
Deborah Lasky, National Health Coordinated ID
John Schoonmaker, Safe BioPharm Assoc.
Paul Donfried, SAIC
Brett McDowell, Liberty Staff
Kurt Kolok, Liberty Staff
Agenda:
1. Intro to ASTM patient numbering standard: Barry Hieb, Gartner
2. Payers interests and needs: Gail Reynolds, Aetna
1. Intro to ASTM patient numbering standard: Barry Hieb, Gartner
ASTM E31 Medical Informatics Group (a group focused on standards related to healthcare).
Healthcare ID was first approved in 1995. E1714—properties of healthcare IDP. There had been no activity focused on the creation of a national healthcare identifier.
The second standard for implementation guidelines associated with the voluntary universal healthcare identification system was published (E2532 on the ASTM site—www.astm.org). It identified how to implement a system for things that have been preventing progress in the past.
o In 2005 we started to look at a new way of implementation, pointing out how price and difficulty are fundamentally different.
o In 2007 we began implementation of a system described in E2553 (the need to create a single website communicating exclusively with EPI organizations that are being assembled as part of the National Health Network).
Through the 2007 work all kinds of preconceived problems go away. The cost ($1-10 Billion to implement) is currently being implemented based on private funding. Because the system is voluntary, it avoids the need for federal funding and enabling federal legislation, and avoids activities that would allow the federal government to step in and regulate. The key is that it has been designed to avoid the necessity (and prevent the possibility) of creating a national database of demographics or clinical information.
This system:
• Provides a means for unambiguous identification of a person which would:
o allow individuals to exercise control over privacy of their information
o allow one healthcare provider to get clinical information for a patient across the country in the event of an emergency situation.
• Can enhance privacy aspects of patient information.
• Is voluntary
• Is privately funded
• Is likely to pass the muster of privacy advocates.
VUHID was demonstrated at HIMSS last month. It showed the server actively responding to a simulated request from EUI systems. Grant writing has begun and we are setting up negotiations with EMPI vendors to allow transacting against server software in place. It is not yet optimized, but we believe the system will be operational by the end of this year.
Is it running a database/what data is the central system holding?
We have defined a syntax (32 characters). In the database that exists we generate and issue a new identifier on request; we record the nature of the identifier, status, and the date & time indicating the EMPI system to which that identifier was issued.
There are two kinds of identifiers:
• open identifiers (the patient wants to link various health issues)
• private identifiers (the patient wants to keep psychiatric/genetic records separate).
The other information is the rules of the game for each of the different categories of the private identifiers. Based on the operating principle you can determine what kind of data it is but the person remains anonymous. The person is unknown unless he/she chooses to reveal that information.
How does a patient get the identifier?
It communicates only with the EMPI systems. It collects enough information and sends it. The EMPI hangs onto the data and sends a request to view the head server (‘I need an identifier’). The server then sends it back to the EMPI.
Is there a unique set of information (or attributes) you need to collect?
That will be determined by the local EMPI. It is up to each EMPI to do the identification. Once it has collected information to its satisfaction it proceeds to get an identifier for that individual.
Re: using external verification service, credit information, etc., are you going to an outside source?
VUHID is not in a position to set policy for RIO or HIE. If they want to do that they can; HIE is responsible to do identification sufficient enough that it is willing to support medical treatment based on the identification process used to get that patient into their system.
Is that a high bar/decent driver to get people to do good processes?
The national coordinator has not put out policy as to the level of expectations. Healthcare professionals have set the bar high. It has a burden; they will occasionally refuse to act on information for a patient if it does not meet the bar. If the patient is at the physician’s office they can go back to the patient and ask more questions to confirm their identity. If you do it right the first time then being able to use the identifier allows it to be used again. A patient that does not have the identifier has to go through demographic identifiers each time they need the information. Industry-wide statistics say it is 90% accurate.
Does this give them an ID card?
Yes, it will have the patient number while open identifiers will have the patient’s name on them. Individual organizations can put the information on a smart card or some other method. If it is not an open identifier the card will not have the patient’s name on it.
Re: private vs. open identifiers, are these identifiers unique per patient? Is there such thing as multiple identifiers per patient?
Individuals would have one open identifier and as many private identifiers as they have use cases.
So the EMPI system will be mapping for individual patients?
Yes. There will be demographic matching and identifier cross mapping (has to know the patient was admitted to X hospital under Y patient number, etc…).
Outsourced credentialing service to HIE?
Yes. One additional case reflects the model of a patient needing service out of state (further details at www.vuhid.org). There was also a paper printed in the ASTM International Journal. Please feel free to contact Barry directly with any questions: Barry.hieb@gartner.com.
This is the only proposal seen that is feasible in today’s environment with the proscription against federal funding and the only system in process to be implemented.
Any thoughts on how this may or may not interoperate with other credentialing systems?
In the original work for the initial standard we concluded that the only feasible approach was if it was exclusive to the needs of healthcare. Conflicts would arise. For example, with regard to Social Security Numbers, if you are not a citizen you do not have an SSN so it could not be used as a healthcare identifier. This identifier has to be dedicated to healthcare and identifiers would be issued to anyone who asks for one at no charge.
Gail: As a payer, we are seeing that there are a lot of organizations that are credentialing people. How do you know which identity to trust? Aetna has owned the identities, but you have consumers who are used to other companies owning their identity. These people are being registered and allowing their information to flow through various organizations.
HIE is legally liable if someone is treating someone with the wrong data. All this system does is give you a mechanism to make it highly accurate and simple. Whoever sets the rules has to set them so they conform. They will do EMI matching in perpetuity.
NOTE: Barry suggested that it would be beneficial to see case studies/white papers from a Liberty perspective showing how that capability represents value to healthcare.
We do not know who the person is and we have two mechanisms to help solve that. If someone finds that a particular identifier is being misused we would terminate that identifier and the person would apply for a valid identifier. The unsolved problem is a way to confirm whether or not the data is valid. The way they identify you is to use your identity; if that group of data is misused or compromised we do not yet know how to recover it. We anticipate over time that there will be more and more interest in private identifiers which will allow patients to hand over clumps of information without compromising their identity. The identifier would be compromised versus the identity itself being compromised.
2. Payers interests and needs: Gail Reynolds, Aetna
A lot of different identities exist, and therefore the following issues/questions arise:
How can you really verify someone’s identity? For the companies that buy insurance or administer our plans, they see the web presence and ask how you are sure this person is not an ex-spouse masquerading as their current spouse, etc…
How can you be reasonably sure a person is who they say they are?
How can we leverage things such as what Barry described?
Insurance companies are not really being considered (providers/members seem to be the focus of the work going on out there re: identity proofing).
o Are people actually ready to take ownership of their identity since they haven’t done it before?
o How can we best promote these identities and enable people to take ownership?
Gail.reynolds@aetna.com
A group called good health network has implemented some things and Aetna has done some of that in a very rudimentary stage.
Why don’t you authenticate the people yourselves? Is it too costly? What about the process is unacceptable?
Aetna has millions of constituents and we do not know who they are because we do business with their employer or government. We rely on the employer or government to give us the data.
Insurance companies are second party consumers (or possibly even 3rd or 4th down) and their participation is vital to this work.
Has Aetna done any cost benefit studies suggesting what the value to Aetna would be if the problem were solved?
We do not want anything publicized that shouldn’t be; how do you put a dollar figure to that? It is becoming more functional as ecommerce grows. Generally people do not want to pay for this.
Why couldn’t Aetna provide data such as ‘ID theft is costing X and if we improve authentication it should go to X% of that’?
A customer claimed that Aetna was not doing everything they could to prove identity and it became a top priority for the company. It had previously been low on the priority list for clients. We could not get the information to do a cost-benefit analysis.
We are looking for interoperable systems and assurance of identity. We have the IA (Identity Assurance) framework to answer the question ‘how can I trust the identity’. With regard to interoperability on a system like Barry’s which provides for a useful identifier, can others use it outside that system?
Technology could provide the interoperable opaque pseudonymous identifier (through a SAML assertion).
There is a significant difference between identifier and authenticator. The VUHID has nothing to do with authentication; it is effectively a random number. VUHID and E2553 have nothing to do with authentication unless we have a strong way to link them.
We will continue this discussion on the next call.
ACTION: All please forward to John or Peter specific agenda items for the call two weeks from today.
Meeting Adjourned 12:00pm

