May I Please See Some Identification?

Out of the darkness of terrorism, America’s focus on homeland security casts new light on national ID cards. Conceivably, this could reanimate the stagnant debate over Universal Medical Record Identifiers.

For more than a decade, the advancement of electronic medical records (EMRs) has been hindered by — among other things — the lack of standards for identifying patients.

One of the most widespread unethical practices in American medicine is our collective failure to employ electronic records. Paper is the greatest threat to patient safety, the greatest source of error, miscommunication, and waste, and the most avoidable cause of malpractice. At this time in history, it is inexcusable to withhold the benefits of computerized records from American patients. It’s as basic as washing hands.


Many organizations — even small practices — have implemented EMRs despite the lack of standards, using local or proprietary ID formats. This creates a situation akin to the early days of the telephone, when phone numbers from one company had different numbers of digits than those of another. Two neighbors, subscribing to different services, might be unable to phone each other. Police needed separate connections to several phone companies so all citizens could reach them. (The same dilemma briefly existed in the infancy of ATMs.) Obstacles like these tend to melt away in the heat of commerce.

Except in health care! Currently, even the minority of patients who enjoy superior care through state-of-the-art systems find their data essentially unreadable except on their “home” servers.

Then, in 1996, deep in the fine print of the Health Insurance Portability and Accountability Act (HIPAA), federal law mandated standards for electronic health care transactions. Among these were unique identifiers for employers, health plans, health care providers — and patients. This latter was labeled, “National Health Identifier for Individuals (NHII).”

Of all the standards finally agreed upon by thousands of industry stakeholders (or imposed upon them), the one that proved impossible to finalize was the NHII. Its muddy footsteps trampled outside the health care and computer industries, and splashed noisily into the pond of civil liberties, privacy, and the fear of government (and nongovernment) intrusion. Through three congresses and two presidents, the NHII stalled as a political impossibility. Though promoted with fervor from tepid to torrid, the idea of a “universal patient ID number” could not overcome the passionate — and sometimes rationally stated — concerns of opponents.

And there it sat, until September 11.

Suddenly, with the shift in the American world view following the attacks on New York and Washington, renewed attention has turned to the potential benefits of reliable personal identification. Although still tentative at this point, it’s possible this new consciousness could add weight to a “tipping point” that breaks the impasse over the NHII.

And the NHII is the key to Pandora’s medical record.

Most countries have some national identification system. (Not to mention a national health system, although the one doesn’t have to imply the other.) This includes Europeans with much more stringent privacy laws than we have in the U.S. Hundreds of enterprises, from airlines to phone companies to credit card vendors, have solved the technical and security problems involved with high sensitivity transactions. I’m not citing these as proof of the infallibility of large databases, but they demonstrate the willingness of Americans to balance privacy and efficiency when it comes to critical services.


Having participated in the EMR controversy for years as a physician, ethicist, and software developer (and a patient, too, like everyone else), I believe there are a couple of conditions necessary for the social success of an NHII, no matter what form it takes. The first would be that we not use the Social Security number.

Apart from political and statutory barriers, Social Security numbers fail on a multitude of technicalities. They aren’t unique, there aren’t enough digits, not everybody has one, people remember them incorrectly, newborns don’t have them, they don’t incorporate a “check digit,” and so forth. And the political barriers dwarf all of these. Luckily, there are alternatives much better suited to an electronic world. The main impediment to a system not based on the Social Security number is that it requires mass registration on a scale not seen since the opening of “Harry Potter.”

Another condition I think inescapable is that any national ID system has to be voluntary. A large part of the success of credit cards is that the people who have them, want them. (That is, anyone over age 3 who can answer a telephone.) This eliminates much opposition from conscientious objectors who want to opt out of electronic commerce. It’s like credit cards versus cash: Despite its inconveniences, cash will always be a medium for conducting business. The anonymity of cash guarantees a permanent market, but enough people trust credit cards to make them workable.

Similarly, although anonymous medical transactions are problematic both clinically and ethically, they are not unacceptable in an absolute sense. There is no need for a mandatory registration system outside of public programs.

The most controversial feature that will be forced upon a medical ID system, I speculate, is the potential for pseudonymous “user names.” There is so much misgiving about a single, lifetime, federal (it would have to be federal) ID number that it is terrifically hard to get the American public’s cooperation. And it isn’t necessary. Verifiable IDs don’t have to be unique, or easily identifiable.

Internet service providers with millions of willing subscribers demonstrate that privacy and security can be had along with relative anonymity. Just let people choose their own “medical user names.”

Of course, some major advantages of unique, lifetime identifiers will be lost under this scenario. Epidemiological data on health risks, treatment outcomes and the genetic roots of disease will suffer. It will be disappointing to some researchers to balance this dream against civil liberties. (Granted, it’s possible to join different data sets using common key fields, but across millions of users this is a tough task.) And, there is the inevitable risk of identity theft and impersonation under any system. Still, we will gain huge benefits by adopting a system of verifiable IDs even without requiring that they be “uniquely identified with individuals.”

A universal ID format will permit a million efficiencies and a quantum jump in patient safety. It is the fulcrum on which we can leverage “smart” cards, effective medical records, personalized prompts and reminders, telemedicine and electronic consultation, and a host of other e-health transactions that will revolutionize health care.

In 1991, the Institute of Medicine declared, “Health care professionals and organizations should adopt the computer-based patient record as the standard for medical and all other records related to patient care.” Implementing this goal awaits the adoption of some system of patient identifiers. Whatever form it takes, this appears more likely to happen at this moment than any time in the last 10 years.

Michael S. Victoroff, MD, is medical director for Aetna U.S. Healthcare of Colorado, and chairs the committee on medical informatics of the Colorado Medical Society. His opinions are not necessarily those of Aetna U.S. Healthcare, its management, or its employees.

MANAGED CARE January 2002. ©MediMedia USA

Our most popular topics on