Cerner to Feds: Mandate ‘Directed Query’ Messages and Fix Patient ID Problem

Testifying before the HIT Policy and Standards Committees on Jan. 29, Cerner Corp. CEO Neal Patterson called for expanded use of secure messaging technology and clear patient identifiers, saying existing ways to identify patients are not adequate.

Get access to this article and thousands more...

All Health Data Management articles are archived after 7 days. REGISTER NOW for unlimited access to all recently archived articles, as well as thousands of searchable stories. Registered Members also gain access to exclusive industry white paper downloads, web seminars, podcasts, e-books, and conference discounts. Qualified members may also choose to receive our free monthly magazine and any of our e-newsletters covering the latest breaking news, opinions from industry leaders, developing trends and specialized topics like EHR's, revenue cycle management, health insurance exchanges, analytics, and more!

Already Registered?

Forgot Password/Need Help?
Comments (4)
Patient Privacy Rights (PPR) applauds Neal Patterson's call for "universally available" directed push and directed query. Universal availability includes the patient and any agent the patient selects as allowed by HIPAA.

Universal availability can best be achieved by allowing the physician and patient to control the endpoints for directed exchange. Anything less, such as technical restrictions on endpoints at the institutional or EHR vendor level dilute and frustrate the physician-patient relationship and can result in duplicate testing, delayed follow-up and reduced ability to detect medical errors.

At the January 29 ONC HIE hearing, PPR called for ONC guidance to make clear that Direct protocols, as required in Stage 2 Meaningful Use, give physicians the choice to accept self-signed patient certificates as a practical way to ensure that all patient-directed endpoints are accessible on the nationwide health information network.

PPR also applauds Mr. Patterson's testimony that: "As the volume of data interchange increases, we cannot continue to rely on statistical matches based on a highly constrained set of data elements," and calls for a shift to voluntary use of patient identifiers.

However, PPR believes that identifiers that are strongly linked to the patient such as driver's license or biometrics are not voluntary because the patient cannot choose different identifiers in different circumstance in order to protect privacy. It's critical to use IDs thar protect privacy, not elminate privacy. Truly voluntary patient identifiers should be patient-selected in the way we select among credit cards or email addresses in privacy-sensitive situations.

For this reason, PPR's testimony at the Jan 29 hearings calls for use of Direct secure email addresses, including addresses with self-signed certificates, as the preferred method of patient identification across institutions. Patient that do not wish to use a Direct email should be allowed to use other credentials that are verifiably under their control and globally unique if these arise in the future as a result of federal efforts such as NSTIC.

The right of patients to receive care anonymously is important and should not be arbitrarily restricted by health information exchange technology. This right is recognized in HIPAA when patients pay cash for their care and this right should not be undercut by health information sharing beyond the institution in situations such as e-prescribing. Patients seeking anonymous care within the limits of public health regulations must be allowed to share information on the network using the patient identifiers that they select if the identifier is acceptable to the other parties.

Deborah C. Peel, MD
Founder and Chair, Patient Privacy Rights
Posted by DEBORAH P | Monday, February 04 2013 at 8:53AM ET
I have, for years, told anyone who would listen at safety organizations, government, and professional meetings, that the United States needs a National Patient Identifier for safe medical care. However, having recently gone through a Cerner EHR install, I find it amusing that Cerner is now commenting "we cannot continue to rely on statistical matches based on a highly constrained set of data elements". Anyone who works in a Cerner hospital knows that their statistical matches do not work on multiple levels. The method is flawed and if you don't believe this, another example is the Ohio Automated Rx Reporting System which relies on a similar process using Names, Addresses and Birthdates to identify people. Any pharmacist or physician can elaborate on the accuracy of this system when querying common names - Anglo or Latino. "Vendor Cop Out" is not the issue - more like "Vendor Greed" to cash in on the "Meaningful Use" goldmine, while fully realizing that their legacy code really was not up to the challenge. I would have been more impressed if Cerner and all the other EHR companies would have sat down with CMS and Congress to say that interoperability of health records will never be safe or accurate without a National Patient Identifier (and don't even get me started on the big lie that NDC, or National Drug Codes, accurately identifies a medication).
Posted by BRUCE K | Saturday, February 02 2013 at 10:07AM ET
Another vendor cop out, looking for a low bar. One should ask why and how does a project like epSOS (European Project for Smart Open Systems, across the 23 European Union countries with millions of transactions per hour occurring differ from the competing mess of projects and vendors in the US. Its politicians and vendors walking hand in hand lowering the bar and maintaining their need to control their software that is the problem here. Maybe the vendors should show up at an IHE connectathon and do some serious testing. Wonder how many IHE Profiles were validated by Cerner at the IHE Connectathon this week?
Posted by pwasson | Saturday, February 02 2013 at 8:22AM ET
My major concern with the HIEs is the accuracy of the data across all realms. I have a fairly generic Anglo name. In four separate, well respected, major practices my information (including one EHR) has been compromised with data belonging to another patient by the same name. If the physician practices cannot even get it right on paper, how in the name of anything sensible can HIEs be trusted??? I work in an acute care hospital. IF it even can be accomplished, it is a NIGHTMARE to get wrong information corrected in electronic record now. Once it has been pushed out to the HIE .... I shudder to think! I expect I will decide to opt out of the HIE and depend on my medical alert bracelet.
Posted by Susan B | Friday, February 01 2013 at 9:56PM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.


Slide Shows

Already a subscriber? Log in here
Please note you must now log in with your email address and password.