A (much) better approach to patient identification

Unlike some others, I’m optimistic about the creation of CommonWell and its potential for making more information available to caregivers where and when it’s needed. Not because it’s a new idea, but because I’m lucky enough to have worked with many of the specific individuals involved in the project, and they are simply great folks. If anybody in our community is going to make something real here, it’s these people. So … woo hoo!

That said … their focus on creating a national EMPI has spun up that tired old argument about national patient identifiers … and this one ticks me off because it’s just silly. We have absolutely no need to share a common patient identifier, whether created top-down or synthesized from demographics up. The solution is staring us in the face.

All we need is patients and their existing relationships with providers. This is one of the key transformations that HealthVault offers, but few recognize until they see it at work. When that light bulb does goes off, it’s pretty cool. To see what’s going on, let’s walk through the evolution of a HealthVault record.

When I create a HealthVault record, it isn’t connected to anything. It’s just this empty bucket up in the cloud that I control. I can put my own stuff into it, connect devices like a fitbit or glucose monitor, and so on. So it’s useful, but not particularly exciting. Looks kind of like this:


Now say I get some tests done at LabCorp, and I use their Beacon Portal to get a copy of my results in HealthVault. The Beacon site does some knowledge-based identity proofing to match me to my LabCorp information, and I (the patient) authorizes the link to HealthVault. A “link” is formed between HealthVault and LabCorp, and data can travel between the systems with high confidence:


Now here’s where things get interesting. Say I’m going to visit a new provider and want them to have access to my lab results. Either by giving me a PIN code or leveraging an existing patient portal, that provider can obtain my consent and link my HealthVault record to their internal chart. They can now peek into my HealthVault record and read out the results deposited there by LabCorp, as well as any other relevant information.

This process repeats at each provider and service I visit, creating a personal Health Information Exchange that provides all the capability we need to ensure that the right information is available when it’s needed and relevant, because every linked provider can see (subject to my OK) information from every other participant I’ve linked to my network.



They may look unassuming, but all the magic is in the “links” --- those grey arrows in the picture above. Because the properties of those links are what make this a seriously transformational idea:

  1. There is no “fuzzy” matching. Each link is created as a byproduct of a natural exchange that already occurs in the healthcare system: introducing yourself to a new provider, signing up for an online service, and so on. While no system can completely eliminate the risk of a mismatch, our real-life experience with HealthVault shows it to be dramatically more reliable than traditional EMPI techniques.
  2. Privacy, liability and HIPAA issues between providers COMPLETELY GO AWAY. Each link represents an independent agreement between the patient and a single provider. Information that goes from ProviderA to HealthVault and is then read by ProviderB requires no relationship between A and B whatsoever, because the information is brokered by the patient.
  3. This does not mean that the information can be faked. HealthVault contains extensive audit information, visible to all participants, so they can verify the “provenance” of data before accepting it. This is frankly WAY more reliable than getting a fax or a pile of paper.
  4. There is no common identifier shared between providers. The concern about a national identifier boils down to a fear that we’ll be easier for bad guys to track. In the HealthVault model, every “link” uses a different patient identifier … so the ID that ProviderA uses for me is completely different from the one used by ProviderB. Of course, buried within HealthVault there is a connection, but the system is built to never expose it to linked applications.
  5. And just for the conspiracy theorists out there … the HealthVault terms of use even restrict Microsoft from digging into this data without user consent. And those terms are enforced by the FTC and other agencies … it’s not something we take lightly or can just renege on.

So let’s recap. The HealthVault model is in production today, delivers better quality patient linking than other approaches, eliminates inter-provider privacy, liability and HIPAA concerns, doesn’t require a common patient identifier, puts citizens in greater control of their personal information, and enables more informed care TODAY.


Yeah, we’re making progress and connecting more folks to the network every day --- but I’m not sure how to end this post without screaming in frustration at how slow folks move in this industry. We NEED this NOW, people!