Allscripts
Written Public Testimony
Richard Elmore
Vice President, Strategic Initiatives
Introduction
To Deven, Paul and the Privacy & Security Tiger Team members – thank you for
the opportunity to participate in in this vitally important hearing.
The published purpose of this hearing is “to learn about experiences in linking
or matching patients to their information”. In the technical community, there
has been a debate when a patient match is established regarding the relative
merits of dynamically linking the patient information versus the merging of the
patient information. As a result, in this testimony, the word “matching” has been
used to establish when information from two systems are determined to refer to
the same person. The word “linking” is used to refer to links to information for
the same person.
These linkages can be established at any number of points in the workflow, but
there are two basic methods:
• Dynamic linking, which is real-time linking based on demographics with
records kept separate, or
• Static merge, which means a link is established, with the data potentially
combined and maintained at that point in time
Most legacy systems in use in the U.S. today use deterministic matching (the
most basic statistical matching looking for exact matches over 4 or 5
demographic variables). This may have been a workable solution for smaller
patient populations that resided in a society where demographic factors like
name and address were more stable, and where the collection of unique
identifiers like social security number was better tolerated. All of that has rapidly
changed, however, and many of the legacy systems haven’t kept up with the
need for advances in patient identity.
As the distance between the settings of care gets smaller, and as there is more
interconnectedness, the opportunity for error rises rapidly. In an interconnected
world, the borders get fuzzier. Patient matching was important in the 90’s as
hospitals consolidated and now, with ACO’s, Community Health Teams and other
payment reform initiatives rapidly gaining momentum, the pace of consolidation
is quickening even more, with the importance of accurate linking growing
exponentially alongside.
• Providers with low tolerance for matching errors have implemented unique,
invariant, non-disclosing patient biometric identification techniques like
palm vein scanning.
• Patient identification for devices is typically driven from the EHR to the
device using web services.
o Source data quality, completeness and consistency – these are by far and
away the most often reported sources of patient matching problems.
o Local population characteristics and social factors that impede good quality
data including common names, sharing of identity information (or in the
case of drug abuse – the use of multiple identities), and other factors
o Pediatric workflows
As an example, Steven Anderman, Bronx Lebanon Hospital’s COO has led major
advances in care coordination and technology at Bronx Lebanon, as well as
health information exchange through the Bronx RHIO. Many of the “externalities”
listed above are applicable at Bronx Lebanon and these adversely impact patient
registry quality. Bronx Lebanon Hospital’s patient population is two thirds
Medicaid and is subject to frequent moves, often provide bad addresses and
phone numbers, and creates a tremendous burden in terms of collecting good
demographics. And patient identity sharing is common. The process repeats
itself at each health care organization in the community. This places an
undue burden on the provider to be the regulator of patient identity.
Providers use a variety of tools and processes for handling patient matching
problems, including:
o When no match is found, user workflows and tools for research and
resolution are typically applied.
One example is North Shore Long Island Jewish. They identify the potential
duplicates centrally and then are able to communicate with various Medical
Records Departments electronically to obtain the information necessary to
resolve them. They can also assign the resolution to the respective Medical
Records departments. Currently they have at least 8 systems feeding the
Allscripts EMPI and are adding additional participants at a steady pace.
We can find a powerful real world example of the dangers of wrong matches in a
recent case where a patient had an EKG at her local clinic. While she was at the
clinic, they misplaced her EKG and mistakenly evaluated her based on another
person’s EKG. The wrong EKG, with her name hand-written on top, incorrectly
indicated that she was on the verge of a heart attack. The ensuing clinical
response ultimately resulted in coma and then her death. In this simple case,
where the patient match involved data only intended to move from the device to
the physical patient in the same clinical setting, during the same encounter,
without an EHR and without any health information exchange technology, had
deadly consequences.
This story is very revealing for those of us who are engaged in the policy
conversation. In fact, it’s a bit of a Rorschach test. As you tell this story, there
is a tendency for listeners to jump to their pre-conceived notions of what’s
important about patient matching depending on their role in the healthcare
ecosystem.
Providers are very aware of the potential for patient safety issues in the event of
a wrong match. Typical of the issues include the need to review/change
medications, inform pharmacies, manage rework of the records, and
communicate with providers, consulting providers and patients.
The providers did identify privacy concerns, as well, in the event of a wrong
patient match. This includes the risk of privacy exposures when the wrong
information is entered into a patient’s chart and the potential need to explain this
to a patient.
There are privacy considerations, as well, in connection with larger data bases,
unique patient identifiers (not including VUHID – more on this below) and
potentially non-essential information being shared in connection with patient
matching.
The fact of the matter is that the industry doesn’t have consistent measurement
and performance standards for patient matching accuracy. The Allscripts
providers interviewed on this topic generally reported overall accuracy rates of
99.9+% or 100% after human review and ~97+% on automated match.
However, they acknowledge the presence of some errors, and this more
consistently aligns with the findings of the RAND study, in which statistical
matching generated a false-negative error rate of approximately 8%, meaning
that there can be data gaps needed for identification around 8% of the time.
Note that this also points out that when social security number is shared among
patients, or otherwise mis-used, the risk substantially increases of mixed
records.
5. Lessons Learned
Support for the small provider: Patient registries for health information
exchange will of necessity be dealing with multiple and various clinical and
administrative systems, large and small, that all must be able to participate.
70% of healthcare is provided in small practices, and these providers must have
access to the same levels of capability, performance and supporting tools for
patient matching as those available to an enterprise.
The bottom line is, ONC should look to these experienced healthcare
organizations for continuing innovation. As the rest of this testimony suggests, it
isn’t about the match as much as it is about the quality, consistency, resilience
and recovery capabilities around the match. ONC should consider how to provide
the platform for innovation and allow the market to develop.
In all cases cited, the high performance solutions will be cost-effective compared
to current operational costs managing errors and rework.
• Merge (or link) functionality to correct the MPI and through HL7 ADT-type
transactions to communicate the corrections to participating organizations.
• Progressive adoption over several stages of the IHE profiles (in sequence:
PIX, PDQ, Pediatric, XCA/XCPD).
These are emerging at places like Hartford Healthcare System where Steve
O’Neill’s IT team is in pilot with four acute care facilities, several federal qualified
health centers, and independent Connecticut physician organizations. The
strategy calls for leveraging the patient registry and health information exchange
infrastructure to create a patient throughput platform, providing a variety of
services across heterogeneous provider platforms.
ONC may also want to give due consideration to two excellent published works
on this topic: Connecting for Health’s 2005 Linking Health Care Information:
Proposed Methods for Improving Care and Protecting Privacy and the HIMSS
2009 Patient Identity Integrity (PII) work group recommendations which
included developing demographic data standards, medical device standards for
identification and HIT workflow support for analysis and correction of duplicates.
As we all know, the subject of unique identifiers is one that engenders a strong
response from different constituencies, and there is even a law prohibiting simple
discussion of a national patient identifier. However, it is our sense that such
limits were applied at a time when health information technology and the ability
to securely exchange health information was in a very different place, and it’s
time to revisit the conversation
1. Solutions:
While basic matching technology is well established, there are significant gaps in
the solutions outlined above. These include:
• IHE profiles for PIX are well established. PDQ, Pediatric profiles and
XCA/XCDP are emerging.
Conclusion
To the Privacy and Security Tiger Team members – thank you for the terrific
progress that you’ve made to date, your ever mindful work to gain and keep the
public’s trust, and your continued leadership on key issues in connection with
privacy and security in healthcare. It will take your leadership to make the
imperfect “near perfect” for patient matching. Resilience and recovery will be
the key in lieu of a “perfect solution”.