Summary

Just as we're finally at a point where online identity system can solve the health care records problem without using a universal identifier, the US is poised to explore one. Let's not. Instead let's use identity systems that protect privacy.

Patient

Last week the House slipped a provision into the budget bill that would lift the funding ban on exploring a universal patient identifier. The ban is known as the Foster-Kelly amendment. If approved by the Senate, exploration of a universal patient identifier (UPI) could begin in earnest.

I strongly oppose the UPI or universal identifiers of any sort. While healthcare IT professionals may wish for a single identifier to make correlating information easier, I don't know many identity professionals who would advocate universal identifiers.

We have other examples of universal identifiers like Social Security Numbers and even cell phone numbers. Your email address is another universal identifier. The problem with universal identifiers is twofold: First, they are indiscriminate; they don't care who's using them to correlate information about a person. The bad guys, scammers, and surveillers can use them just as easily as the doctors and hospitals. Second, computers make correlating information based on a universal identifier far too easy.

As a result, universal identifiers are a threat to privacy and personal security. No matter what safeguards you put in place, creating a universal identifier scheme like a UPI is going to cause harm to people. Universal identifiers are a 20th Century solution that has no business being used in the 21st Century.

The good news is there's usually no need to create universal identifiers. Use cases for a UPI can be supported without a universal identifier thanks to advances in cryptography and its application. Self-sovereign identity (SSI) provides a model for how to put people at the center of their healthcare and allow them to correlate data where desirable without exposing their records to unwanted correlation by third parties. Hyperledger Indy and Aries are open source projects that support SSI. Sovrin is a project that makes it real and usable.

Ironically, just as we are able to create interoperability and provide patient safety without using a UPI, it's finally moving forward. Instead of creating new privacy and security problems for Americans, I implore the US Senate to earmark funds for exploring how to use SSI to solve the healthcare records problem.


Photo Credit: Patient from PxHere (CC0)


Please leave comments using the Hypothes.is sidebar.

Last modified: Thu Oct 10 12:47:19 2019.