In the United States and beyond, patients often need to visit several health care providers and manage interaction with them through multiple portals, electronic health care record (EHR) systems, paper records and even faxes! However, there is no universal patient identifier in the US and there are often identity discrepancies — such as misspelling of names or addresses — for the same person in different healthcare systems.
Managing patient identity across these different settings has become a growing challenge involving multiple stakeholders, including health care providers, administrators, insurance companies, government agencies, patients, and health IT companies.
Accurate patient identification is essential for maintaining patient safety and providing high-quality care, and in recent years blockchain technology has emerged as a potential solution to this problem.
Challenges of Patient Identity Management
As patients interact with multiple healthcare providers and supporting IT systems, the creating and propagation of duplicative records mushroom and, in time, lower both the trust in and the quality of the underlying information.
Lowering of trust in medical data often leads to a materially worse experience for the patient, including:
· Repetitive and error prone data collection
· Longer waiting times
· Reliance on personal or family-member memory for critical medical information under duress, such as prescribed medications when admitted to an Emergency Room
· Unexpected and difficult to fight medical fees
· Misdiagnosis of health issues
· Adverse effects of treatment
These issues are often exacerbated by the fact that there is little interoperability across different health record providers; making data sharing slow, costly and error-prone.
Additionally, patient identity management is a big concern in healthcare because of the potential for data breaches and other security issues. Personal health information is valuable to cybercriminals, and healthcare providers must take steps to protect patient privacy and secure their records. However, even when the data can be securely shared, matching patient data across different institutions in the US is hard, as there is no national patient identifier, such as the National Health Services (NHS) number in the UK.
To address these challenges, healthcare providers and health IT companies have developed different possible solutions. These include:
· Biometric authentication, such as fingerprint or facial recognition, to verify patient identity. Combined with use of smart phones to access or verify health records, this is a promising approach to improve both security and usability for patients
· Patient matching algorithms, designed to identify and match patient records across multiple systems. These algorithms use a combination of demographics data along with other available patient identification data to, often quite accurately, match patients across different systems
· Interoperability protocols, such as FHIR (Fast Healthcare Interoperability Resources). In particular, FHIR supports use of unique patient identifiers, helping link records across different systems and reducing risk of mixing up patient information
· Smart cards, where a patient’s medical information and personal identifiers are stored encrypted on the physical card
· Proprietary patient identity management platform, designed to help healthcare organizations maintain accurate patient records and ensure proper patient identification across various systems
· Blockchain based solutions, using secure, decentralized, and tamper-proof digital identity for patients and often providing cryptographically verifiable proof of their interactions with supporting healthcare systems
How Blockchain Can Help
Public network blockchain or Distributed Ledger Technologies (DLTs) have several characteristics that make it well-suited for patient identity management, including: inherent security, decentralization, global and public accessibility, immutability of transactions and ability to cryptographically prove the occurrence of transaction. Furthermore, with appropriate design and implementation, patient identity and healthcare related transactions will remain privacy-preserved and off the chain — not stored on the public ledger — yet, this still offers a transparent, tamper-proof record of related activities.
Use of blockchain technology can help evolve patient identity management to more decentralized, user-centric and non-proprietary methods. Currently most patient identity is tied to a centralized or proprietary platform, where patient identity is managed by an organization and is limited to its applications.
User-centric or in time, even, Self-Sovereign Identity (SSI) — enabled through public blockchain technologies — would allow a patient to have non-proprietary identity credentials, offering more control and security over usage, as well as utility across different applications or providers.
SSIs are created, owned, and controlled by the individual or entity they represent. This is unlike traditional patient identifiers, such as email addresses or usernames, which are managed by centralized services.
Decentralized Identifiers (DIDs)
A DID is a new type of globally unique identifier used for creating secure, verifiable, and decentralized digital identities, and a key implementation approach to achieve self-sovereign identity (SSI).
DIDs are based on the principles of blockchain technology and are typically associated with a specific distributed ledger or blockchain network. A DID can be resolved to a DID document, which contains essential information for interacting with the digital identity, such as public keys, endpoints for communication, and authentication protocols.
Though still nascent, standards are rapidly being developed and implemented within the blockchain and identity management communities to support DID interoperability across different implementations. These new developments have great potential to improve patient identity management!