Monday, May 21, 2012

The US Privacy Paranoia

During my recent DICOM/IHE seminar in the Netherlands, I got the opportunity to hear from the participants about the state of healthcare in that country, a discussion I always try to attend as I find there is much we can learn from other countries.
The differences between the Dutch healthcare system and the U.S. healthcare system are quite large. First of all, in the Netherlands, everyone has healthcare insurance, something we may or may not be getting closer to in the US depending on the Supreme Court ruling on the healthcare act expected later this year. Second, the Dutch do a far better job in managing their healthcare expenses and also rate much higher in quality of care, access and efficiency. As a matter of fact, in a comparison study between seven countries (Australia, Canada, Germany, Netherlands, New Zealand, the UK and the United States), the Dutch came out on top, and, not surprisingly, the USA ranked at the bottom[1].
I am sure that one of the reasons for the difference in ranking is the level of electronic health record implementations. Even though the number of physicians having an EMR in the US is growing steadily, thanks in part to the incentive program as part of the ARRA HITECH Act, it is far from the 90-plus percent in the Netherlands. Interestingly enough though, there is still relatively little sharing among U.S. institutions, and the notion of the Health Information Exchanges (HIE), which are rapidly being deployed in the US, is still foreign.
One thing that the Dutch do right is their use of a so-called “BSN”, which serves as the universal patient ID. It is not uncommon for European or even some Asian countries to have a unique identifier that is used as a key for matching patient records, and also for insurance verification. I always have a hard time explaining the reasons that there is no such thing in the US. I recall the strong opposition from the privacy advocates when the US government tried to introduce this concept as part of the initial HIPAA discussion. I am personally convinced that the privacy concerns are overrated and that the increased risk for mismatching patient records, and the increased cost of creating an infrastructure to reconcile patient identifiers among different domains, far outweigh privacy concerns. Are Europeans in general less concerned about “big brother” than US citizens? I don’t believe so. For example, some of the information that is important to be captured as part of the patient information in the US, in particular the “race” of a patient, is illegal to capture in many other countries.
Not having a unique patient identifier means that we have to establish an elaborate patient identification cross-referencing system as part of the infrastructure to exchange medical information between different domains. Technically, this is not an issue, as there are solid standards defined and the IHE has also defined a well-known and implemented profile to do this. However, how can we practically make sure that a John Smith with the same sex and birthday is actually the same person? The biggest risk, I have been told by a developer of master patient indexing software, is the match of an identical twin of the same sex, born on the same day, and obviously having the same last name. No wonder these babies immediately get a wristband when they are born in a hospital, but as soon as they leave that institution, they are on their own and at risk of misidentification.
I believe a much better solution would be to establish a federal patient identification by which the person should have the option to have a unique identifier (“opt-out”). A recent credit rating check based on my social security number showed a list of accounts under 12 different misspelled names. Imagine if I did the same for my patient records. Without a unique number, the health record my doctor is looking at might be missing the vast majority of my medical history. As a result of what I call the U.S. privacy paranoia and not having a unique identifier, my risk of having an incorrect or incomplete medical record is greatly increased. Hopefully, some of our privacy advocates will start to see this as the greater danger in terms of healthcare.
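The matching trade-off described in the last two paragraphs, as an added example that is not part of the original post: a demographic matcher strict enough to keep same-sex twins apart splits one person's misspelled records, and one tolerant enough to join the misspellings merges the twins. The records, the `uid` field (a hypothetical universal identifier used only as ground truth), the similarity measure and the thresholds are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample records, not real patients:
# (first name, last name, sex, date of birth, uid)
RECORDS = [
    ("Jon",  "Smith",  "M", "1970-03-02", "P1"),  # one person, three spellings
    ("John", "Smith",  "M", "1970-03-02", "P1"),
    ("John", "Smyth",  "M", "1970-03-02", "P1"),
    ("Anna", "Jansen", "F", "2011-05-21", "P2"),  # identical twins
    ("Anne", "Jansen", "F", "2011-05-21", "P3"),
]

def same_patient(a, b, threshold):
    """Demographic rule: sex and birth date must agree, names must be similar."""
    if a[2:4] != b[2:4]:
        return False
    name_a, name_b = f"{a[0]} {a[1]}".lower(), f"{b[0]} {b[1]}".lower()
    return SequenceMatcher(None, name_a, name_b).ratio() >= threshold

def link(records, threshold):
    """Cluster records transitively (union-find); return a cluster id per record."""
    parent = list(range(len(records)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i
    for i, j in combinations(range(len(records)), 2):
        if same_patient(records[i], records[j], threshold):
            parent[find(i)] = find(j)
    return [find(i) for i in range(len(records))]

def matching_errors(records, threshold):
    """Return (false_merges, false_splits), counted over record pairs."""
    cluster = link(records, threshold)
    merges = splits = 0
    for i, j in combinations(range(len(records)), 2):
        same_uid = records[i][4] == records[j][4]
        same_cluster = cluster[i] == cluster[j]
        merges += same_cluster and not same_uid   # two people, one chart
        splits += same_uid and not same_cluster   # one person, several charts
    return merges, splits

if __name__ == "__main__":
    for t in (1.0, 0.85):  # exact-name match, then a spelling-tolerant match
        print(t, matching_errors(RECORDS, t))
```

On this sample no single threshold removes both kinds of error, which is the gap a unique identifier closes.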

[1] Source: OECD Health data, 2009