1. National Health Identifiers: Foundations for UHC Asia eHealth Information Network (AeHIN) 3rd General Meeting 4 December 2014 Xenophon M. Santas Lead, Health Information Systems Division of Global HIV/AIDS U.S. Centers for Disease Control and Prevention (xsantas@cdc.gov) Center for Global Health Division of Global HIV/AIDS

2. http://www.unaids.org/en/resour ces/documents/2014/national_h ealth_identifiers

3. Considerations and Guidance for Countries Adopting National Health Identifiers, 2014 –Joint UNAIDS, WHO, PEPFAR effort –Ensures that each patient has one unique identity within the health system –Facilitates the development and availability of longitudinal medical records –Allows users of services to be tracked across health-care sectors

4. Considerations and Guidance for Countries Adopting National Health Identifiers, 2014 –Rationale/background – utility within clinical setting and for monitoring –Patient matching –Standards/technical specification –Ideal properties of the NHID –Functions and elements of an NHID system –Confidentiality/privacy concerns –Implementation and design challenges Universal vs. health identifiers Use of biometrics Card design –National registries and required infrastructure –Annexes and illustrations including Key concepts Calculating the size of the NHID, and implementing a checksum Sample legal and policy guidance Tool for estimating resources required to implement and maintain NHIDs Annotated bibliography

5. Methods, Limitations Work is based on expert consultation in 2009 Representatives from Botswana, Brazil, Denmark, Kenya, Malawi, Thailand, Ukraine, and Zambia. They reviewed –Benefits and challenges to date, existing literature and standards –Discussed pros/cons of NHIDs vs. universal identifiers Document provides a starting point, describing the many and diverse functional areas that need to be considered Does not duplicate authoritative standards on unique identifiers Implementing NHIDS is a complex process that requires strategic planning and coordinator among key stakeholders Work depends on existence of a larger programmatic initiative to develop national health infrastructure and standards Does not provide a step-by-step implementation road map

6. Rationale/background  Goals  Ensures that each patient has one unique identity within the health system  Facilitates the development of longitudinal medical records and allows users of services to be tracked across health-care sector  Improves creation of summary indictors needed to monitor and evaluate the effectiveness, efficiency, equity, and acceptability of service provision  Challenges that impeded the efficiency and reliability of linking patient records between and across health information systems:  Lack of a person-level unique identifier  Insufficient specificity/algorithm for deterministic or probabilistic patient matching  Lack of standardized data fields/values across the data systems  Variability in completeness and quality of reported data

7. Patient matching  Unique IDs don’t replace need for matching processes/techniques  ID systems rarely cover 100% of patients (e.g., children, immigrants)  Legacy data systems may implement IDs at different times (LIS, pharmacy, EMRs)  ICT enables/automates matching effectiveness/efficiency

8. Patient Matching Methodologies ProbabilisticDeterministicFuzzy Match Increasing Complexity Machine Learning Rule-based. E.g., declare a match if exact match on:  National ID + DOB  Full name + address  Etc. Non-exact agreement, allows for errors: “If last name agrees on first 5 characters then declare agreement” Implements a statistical model for matching. Weights based on distribution of data elements used within the data set Uses machine learning algorithms to improve matching sensitivity/ specificity

9. Patient Matching Methodologies Deterministic/Heuristic Rapid Implementation Simple calculations Relies on accurate and consistent data May not generalize well to other data sets/contexts Probabilistic Complex implementation Computationally intensive More forgiving of data errors Algorithms adapt to data being linked

10. Standards/technical specification  American Society for Testing and Materials (ASTM)  Standard guide for properties of a universal healthcare identifier (UHID) (ASTM E-1714-00)  Guide for implementation of a voluntary universal healthcare identification system (ASTM E-2553-00)  International Organization for Standardization (ISO)  Health informatics: identification of subjects of health care (ISO/TS22220:2011)  Health informatics: patient healthcard data (ISO 21549)  Health informatics: guidance on patient identification and cross- referencing of identities (CEN/TR 15872)  Documents available for purchase online; key issues incorporated into the UNAIDS guidance

11. Ideal properties of the NHID (ASTM 1714; Box 1) Functional Characteristics Accessible Assignable Identifiable Verifiable Mergeable Splittable Linkage of Lifelong Health Record Linkable Mappable Patient Confidentiality and Security Content Free Controllable Healthcare Focused Secure Dissidentifiable Public Design Characteristics Unique Repository Based Atomic Concise Unambiguous Permanent Centrally Governed Networked Longevity Retroactive Universal Incremental Implementation Reduction of cost and improved health Status Cost-effectiveness Compatibility with Standards and Technology Industry Standards Base Deployable Usable

12. ASTM 1714 examples  Mergeable: can be merged to consolidate multiple identifiers that belong to the same individual  Splitable: can be split to assign new identifiers to two or more individuals who have been assigned a single identifier in error  Verifiable: the sample universal health identification number includes a single-digit check code for verification.  Mappable: with the use of appropriate database system and software, the identification number can be used to map currently existing health-care identifiers  Content-free: the sample universal health identification number is free of information about the individual  Public: the encrypted universal health identifier’s encryption scheme is intended to hide the identity of an individual when linking information  Permanent: the identification number has sufficient capacity to prevent reuse of identifiers  Longevity: the identification number can support patient identification for a foreseeable future  Universal: the identification number can support patient identification for the entire population

13. Functions and elements of an NHID system  Describes the 5 basic functions of an NHID  Positive identification of patients  Linkage to additional data fields needed to aid delivery of care  Aggregation of information across institutional boundaries  Protection of privacy by de-identification of records before they leaves the primary site  Reducing operational costs by supporting automated record management and information sharing  Seven core elements of the NHID  Identifier schema  Identification information, including demographic or biometric data  Cross-references to local, site-specific identifiers (e.g. facility medical record numbers)  Mechanism to hide or encrypt identifiers  Software to mass-register patients  Software to search, match, encrypt or otherwise manipulate underlying information  Administrative infrastructure

14. Confidentiality concerns  An NHID can strengthen confidentiality requirements by reducing repeated use of other significant amounts of personally identifiable information, but –  Do not store information about the object in the identifier, e.g., parts of the first or last name, date of birth, region of service  To fully the privacy concerns a legal framework for privacy is needed and should include:  National governance in the form of legislation  Appropriate organizational policies and procedures  Access control and audit trails that allow for detecting and tracking inappropriate access  User authentication  Physical security  Build-in computer hardware and software security  Proper back-up and disposal of paper and electronic records  Training and education, including public education through public service announcements, briefings and other communications  Continuous evaluation and improvement of these protective measures

15. Implementation and design challenges  Identifier scope: universal vs. health identifiers  Where available, universal IDs (e.g., passports, driver’s licenses, SSN, mobile phone numbers) can and should be used for health, e.g., in matching algorithms, and can be cost-effective, but issues include Less than full population coverage Sharing of IDs Fraud Privacy concerns  Special populations  Many disease-specific IDs exist, HIV treatment database. Such numbers should not be used as basis for health IDs, nor printed on cards, due to potential for stigma  Issuance of cards – considerations on box 3  Location of issuing authority, use of temporary cards, documentation needed to verify identity, will biometrics be stored card, training needed

16. Use of biometrics  Used to verify identify of individuals (authentication)  Includes fingerprints, facial recognition, photographs, iris scans  Widely available technology (esp. fingerprint readers), cost varies with degree of precision (larger populations need higher-resolution readers, e.g., for use in passport control)  Increasingly popular as NHIDs are linked to health payments  Needs to be tested in target populations for  Acceptability  Performance (lower in some populations such as agricultural workers or older adults)  Iris and facial recognition require more computing power, telecommunication infrastructure

17. National registries and required infrastructure  Architectural options for NHID issuance (not exhaustive)  Centralized distribution from a single authority  Centralized authority, but distribution from multiple networked locations  Centralized authority, but distributed from multiple disconnected locations (relies on pre-distributed, serialized identifier cards)  Locally assigned distribution authorities, from multiple disconnected locations (identifiers consist of provider site code combined with numbers from a block of sequential identifiers).  Potential architecture for NHID within a Health Information Exchange

19. Annex 5:Tool for estimating resources  Costs of implementing a NHID system are affected by:  Highly centralize, semi-distributed, or highly-distributed implementation model  Expected monthly enrolment rate  Number of concurrent locations providing enrolment services  Use of existing building space  Availability and costs of staffing the patient enrolment and other contact points  Geographical distances and population distributions  Types of identity verification to be used, such as photographs or fingerprints  Whether data and voice communication systems needed to support the effort are adequate  Whether the scope of the project includes development of national data standards and national data-sharing standards  Costs to be captured include  Identification cards  Biometric identification equipment  Telecommunications hardware, maintenance, repair  Authentication key management  Personnel (national coordinator, policy analyst, project management, business analysis, card distribution, software support, etc.)  Operational support  Software development, operations, training

20. Annex 6: Annotated bibliography  Updated in 2012, originally created as background material for 2009 workshops participants  Based on MEDLINE keyword searches  Reviewed for inclusion/exclusion by a panel of experts, then grouped into categories  Summarized from abstract, or by reviewing expert  Hyperlinked to source article or abstract  Organized as 18 recommended general readings, and further readings for either more in-depth coverage or alternative views  Unique identifiers  Record linkage  Technology (ICT, biometrics, relevant ISO documents)  Legal, ethical, and privacy considerations  Implementation and case studies

21. Next steps, possible models  Still needed:  Implementation roadmap for NHID  Stronger evidence-base on impact of NHID implementation Improvements to data quality Improvement to operational efficiency, including reduced staffing resources to monitor health (must be evaluated in context of total cost of ownership model), reduced time to return lab results, etc. Improvements to health outcomes, such as improved adherence to clinical guidelines, reduced loss to follow-up leading to reduction in treatment failures  Staged scale up approach  Start with core clinical need such as district hospital, patient registration  Link registration records to payment systems  Incrementally add data from various hospital units (HIV, MCH, TB, primary care, lab, pharmacy, etc.)  Link to community-based services (e.g., STI, HIV testing, peer education)  Incrementally add feeder facilities, other hospitals in region  Show results; work with other regions to gradually achieve national scale

22. Acknowledgements Montreux 2009 workshop participants Eddy Beck, UNAIDS Shaun Grannis, Regenstrief Institute Philippe Boucher, WHO Eric Manders and Tom Hutton, CDC