Sen. Rand Paul, M.D., (R-Kentucky) has brought in a new bill that aims to have the national patient identifier provision of HIPAA permanently deleted due to privacy concerns over the configuration of such a system.
At present, HIPAA is best known for its healthcare data privacy and security regulations, but the national patient identifier system was proposed in the first HIPAA legislation of 1996 as a measure to facilitate data sharing and help cut wastage in healthcare.
The provision aims to have the HHS “adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and healthcare provider for use in the health care system.” However, in 1998, former Congressman Ron Paul (R-Texas), Sen. Rand Paul’s father, brought in a proposal which called for a ban on funding the development and configuration of such a system. The ban was brought in during the Congressional budget for 1999 and has been included in all Congressional budgets ever since.
This year there was hope that the ban would, at last, be deleted after a June amendment to the House of Representative’s appropriation bill for financial year 2020. The amendment received strong bipartisan support and it was hoped that the Senate would copy the House’s lead and have the ban finally removed. However, on September 18, 2019, the Senate appropriations subcommittee’s proposed budget bill for fiscal year 2020 included the same language as previous years and, as it stands, the ban looks set to stay in place for at least one more year.
Sen. Rand Paul’s National Patient Identifier Repeal Act is hoping to repeal the HIPAA provision, which Sen Paul believes will place the privacy of Americans in danger. He refers to the provision to as dangerous, as it would allow a government-issued ID number to be linked with the private medical histories of every man, woman, and child in America.
It is for that very same reason that dozens of healthcare sector stakeholder groups want the national patient identifier introduced, as without such an identifier, it is difficult to accurately match medical records with the proper patient. Those seeking to have the ban removed believe it will enhance the accuracy of health information exchange and strenghten security and patient safety.
Sen. Paul disagrees, as he believes the potential privacy risks are too high: “As a physician, I know firsthand how the doctor-patient relationship relies on trust and privacy, which will be thrown into jeopardy by a national patient ID,” explained Sen. Paul. “Considering how unfortunately familiar our world has become with devastating security breaches and the dangers of the growing surveillance state, it is simply unacceptable for government to centralize some of Americans’ most personal information.”
Industry groups such as the College of Healthcare Information Management Executives (CHIME) have increased their efforts to have the ban lifted due to the difficulties matching medical records with patients.
CHIME CEO, Russ Branzell outlined that Congress has already given approval a healthcare identifier for Medicare beneficiaries, but a national identifier is also required. “The patient identification conversation is one about saving lives and unlocking the potential for technology to revolutionize healthcare while cutting costs.” He has urged Sen. Paul’s views on the national patient identifier “antiquated and from some bygone era.”
While many industry asgroups share Branzell’s view, Sen. Paul’s bill has received support from certain privacy advocacy groups, including the Citizen’s Council for Health Freedom. Advocates of the termination of the HIPAA provision believes the centralization of patient information would greatly grow the risk of security breaches and could allow cybercriminals to steal individuals’ lifelong healthcare records and such a system would permit unprecedented tracking of Americans through their healthcare records.