Difference between revisions of "Medical Records Identifier"

From MgmtWiki
Jump to: navigation, search
(Actors)
(Privacy Considerations)
 
(13 intermediate revisions by the same user not shown)
Line 3: Line 3:
  
 
==Goals==
 
==Goals==
*There are many cases where a patient presents themselves to a medical provider seeking care. The goal is that they will have some '''single identifier''' that they can use to recover their medical history.
+
*There are many cases where a user presents themselves to a medical provider seeking care. The goal is that they will have some '''single identifier''' that they can use to recover their medical history.
 
*Clearly there will be lots of locations were medical records are retained. That will not change soon. This goal is that a '''single identifier''' can mediate access to all [[EHI]].
 
*Clearly there will be lots of locations were medical records are retained. That will not change soon. This goal is that a '''single identifier''' can mediate access to all [[EHI]].
*There is no assumption that a patient will have only one [[Medical Records Identifier]] that can access all of the medical data, or that it remain constant throughout their life. It is assumed that there will be a least one for each patient that will be able to link to all of the medical data. At the start of the program this will not be true, but it should be true for all new data created as well as existing data at their current primary physician's office.
+
*There is no assumption that a user will have only one [[Medical Records Identifier]] that can access all of the medical data, or that it remain constant throughout their life. It is assumed that there will be a least one for each user that will be able to link to all of the medical data. At the start of the program this will not be true, but it should be true for all new data created as well as existing data at their current primary physician's office.
*Clearly there will be some sort of sort of [[Bootstrapping Identity and Consent]] that gets patient registered for this service, this paper will consider 3:
+
*Clearly there will be some sort of sort of [[Bootstrapping Identity and Consent]] that gets user registered for this service, this paper will consider 3:
 
#The user has a Medicare number of the form US:CMS:32fs-233ii-9r38 that is already well-known to the medical community.
 
#The user has a Medicare number of the form US:CMS:32fs-233ii-9r38 that is already well-known to the medical community.
 
#The user comes with some [[Identifier]] that is not previously know to the provider, perhaps self-issued for cases where they chose to take control of their own medical records recovery.
 
#The user comes with some [[Identifier]] that is not previously know to the provider, perhaps self-issued for cases where they chose to take control of their own medical records recovery.
Line 13: Line 13:
 
==Actors==
 
==Actors==
 
Note that these are the roles played by the actors. Some real-world entities will support more than one of the roles. Note that payment providers are not a part of this use case.
 
Note that these are the roles played by the actors. Some real-world entities will support more than one of the roles. Note that payment providers are not a part of this use case.
# Patient
+
# User of the service - written in this document as though it is the patient.
 +
# Patient to which care is provided.
 
# Guardian (or Guarantor)
 
# Guardian (or Guarantor)
 
# Medial Care Provider (Physician or other licensed professional)
 
# Medial Care Provider (Physician or other licensed professional)
Line 23: Line 24:
 
==Problems==
 
==Problems==
 
* The big problem with any sort of [[Self-issued Identifier]] is [[Trust]] where there are no standards or examples of any trust without a history of trusted behavior.
 
* The big problem with any sort of [[Self-issued Identifier]] is [[Trust]] where there are no standards or examples of any trust without a history of trusted behavior.
 +
* Medical records are known to be riddled with errors today, a situation which will not change soon.<ref>Christina Farr, ''This patient's medical record said she'd given birth twice — in fact, she'd never been pregnant.'' (2018-12-09) CNBC https://www.cnbc.com/2018/12/09/medical-record-errors-common-hard-to-fix.html</ref>
  
 
==Solutions==
 
==Solutions==
===Universal Resolver===
+
===Medical Records Locator Service===
The US medical community accepts the idea that any registered health care provider can query a [[Universal Resolver]] and get a response with data appropriate to their need and authority within 2 minutes for emergency care and within 2 hours for more detailed records. Note that the resolver does not need to be a records provider.
+
While a Universal Identifier Resolver should be applicable to any complex [[Identity Ecosystem]], in the medical arena it can function as a medical records locator. It's purpose is to return pointers to data records and not the data contained in those records. The following are the changes that are needed for this concept to be successful in the medical arena in the US, or any other [[Distributed ID]] [[Ecosystem]].
 +
*The US medical community accepts the idea that any licensed and registered health care provider can query a [[Universal Resolver]] with a user's Identifier and get a response with data appropriate to their need and authority within 2 minutes for emergency care and within 2 hours for more detailed records. Note that the resolver does not need to be a records provider.
 +
*[[Authentication]] will be provided for any [[Medical Records Identifier]]. The exact relationship between the authenticator and the resolver is TBD.
 +
*It is important that all of the records under a single [[Medical Records Identifier]] are associated with one unique human being. It is understood that errors will happen with assignments of records to [[Medical Records Identifier]]s and the some robust recovery and redress procedures are in place to correct errors; including errors reported by the user.
 +
 
 +
===Privacy Considerations===
 +
In the US all medical records are protected by [[https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html HIPAA regulations]] which strictly limit who can have access. This consideration will require strong identifiers for any user that wants to access their medical records. At the same time it is important to provide [[Exceptional Access]] to first responders who need information quickly, even in cases where the patient is unable to provide [[User Consent]].
  
 
===1 Well-known Patients===
 
===1 Well-known Patients===
Line 32: Line 40:
  
 
===2 Patients with unfamiliar Identifiers===
 
===2 Patients with unfamiliar Identifiers===
The [[Universal Resolver]] must be extensible so that new entrants to the medical records business have a process by which they can be included in the medical records system. One of the requirements will include the ability and authority to reach out to other medical record centers. It is to be expected that some of these providers will be operating under the authority and control of the patient. For example the following could show up in a list of [[Decentralized Identifiers]] that could easily be a request for medical records did:sov:WRfXPg8dantKVubE3HX8pw.
+
The [[Universal Resolver]] must be extensible so that new entrants to the medical records business have a process by which they can be included in the medical records system. One of the requirements will include the ability and authority to reach out to other medical record centers. It is to be expected that some of these providers will be operating under the authority and control of the user. For example the following could show up in a list of [[Decentralized Identifiers]] that could easily be a request for medical records did:sov:WRfXPg8dantKVubE3HX8pw.
  
 
===3 Dependent patients with no Identifier===
 
===3 Dependent patients with no Identifier===
Line 44: Line 52:
  
 
===Miscellaneous References===
 
===Miscellaneous References===
https://uniresolver.io/
+
* [https://wiki.idesg.org/wiki/index.php/Health_Care_Profile Health Care Profile] in Kartara IDEF documentation.
 +
* [[Trusted Resolver]] wiki page.
  
 
[[Category:Glossary]]
 
[[Category:Glossary]]
 
[[Category:Identifier]]
 
[[Category:Identifier]]
 +
[[Category:Health]]

Latest revision as of 16:48, 18 April 2019

Purpose

Any person can go into any willing medical provider's office and be identified and get care appropriate to their medial history.

Goals

  • There are many cases where a user presents themselves to a medical provider seeking care. The goal is that they will have some single identifier that they can use to recover their medical history.
  • Clearly there will be lots of locations were medical records are retained. That will not change soon. This goal is that a single identifier can mediate access to all EHI.
  • There is no assumption that a user will have only one Medical Records Identifier that can access all of the medical data, or that it remain constant throughout their life. It is assumed that there will be a least one for each user that will be able to link to all of the medical data. At the start of the program this will not be true, but it should be true for all new data created as well as existing data at their current primary physician's office.
  • Clearly there will be some sort of sort of Bootstrapping Identity and Consent that gets user registered for this service, this paper will consider 3:
  1. The user has a Medicare number of the form US:CMS:32fs-233ii-9r38 that is already well-known to the medical community.
  2. The user comes with some Identifier that is not previously know to the provider, perhaps self-issued for cases where they chose to take control of their own medical records recovery.
  3. The user comes with no usable Identifier. For this use case we consider the case of a homeless child under the age of 13 being registered for school.

Actors

Note that these are the roles played by the actors. Some real-world entities will support more than one of the roles. Note that payment providers are not a part of this use case.

  1. User of the service - written in this document as though it is the patient.
  2. Patient to which care is provided.
  3. Guardian (or Guarantor)
  4. Medial Care Provider (Physician or other licensed professional)
  5. Patient Registrar - provider of Medical Records Identifier
  6. Resolver that will authenticate any Medical Records Identifier and return links to EHI providers
  7. Electronic Health Information (EHI) Care Records Provider
  8. Hospital or other care facility (also licensed)

Problems

  • The big problem with any sort of Self-issued Identifier is Trust where there are no standards or examples of any trust without a history of trusted behavior.
  • Medical records are known to be riddled with errors today, a situation which will not change soon.[1]

Solutions

Medical Records Locator Service

While a Universal Identifier Resolver should be applicable to any complex Identity Ecosystem, in the medical arena it can function as a medical records locator. It's purpose is to return pointers to data records and not the data contained in those records. The following are the changes that are needed for this concept to be successful in the medical arena in the US, or any other Distributed ID Ecosystem.

  • The US medical community accepts the idea that any licensed and registered health care provider can query a Universal Resolver with a user's Identifier and get a response with data appropriate to their need and authority within 2 minutes for emergency care and within 2 hours for more detailed records. Note that the resolver does not need to be a records provider.
  • Authentication will be provided for any Medical Records Identifier. The exact relationship between the authenticator and the resolver is TBD.
  • It is important that all of the records under a single Medical Records Identifier are associated with one unique human being. It is understood that errors will happen with assignments of records to Medical Records Identifiers and the some robust recovery and redress procedures are in place to correct errors; including errors reported by the user.

Privacy Considerations

In the US all medical records are protected by [HIPAA regulations] which strictly limit who can have access. This consideration will require strong identifiers for any user that wants to access their medical records. At the same time it is important to provide Exceptional Access to first responders who need information quickly, even in cases where the patient is unable to provide User Consent.

1 Well-known Patients

The Medicare system is well known to all medical care providers. We have assigned it a prefix of US:CMS for the purposes of this example US:CMS:32fs-233ii-9r38. The states will have a similar system for Medicaid. It will need a similar prefix, for example giving an Identifier of US:WA:MED:2348796529879796. The same would apply to other government programs, for example the VA might have an Identifier of US:DOD:02937495077723. An assumption was made here that the active duty warfighter would get some Identifier that would continue into retirement. It is not a requirement that the provider accept government medical payments, but it is required that they participate in the Universal Resolver for medical information and accept any Medical Records Identifier, including providing any information that they generate themselves.

2 Patients with unfamiliar Identifiers

The Universal Resolver must be extensible so that new entrants to the medical records business have a process by which they can be included in the medical records system. One of the requirements will include the ability and authority to reach out to other medical record centers. It is to be expected that some of these providers will be operating under the authority and control of the user. For example the following could show up in a list of Decentralized Identifiers that could easily be a request for medical records did:sov:WRfXPg8dantKVubE3HX8pw.

3 Dependent patients with no Identifier

All medical practitioners must be capable of reaching out to the medical records for the recovery and addition of data which they are qualified to access. An interesting use case is the public health nurse in a school that is on-boarding homeless children under the age of 13. They must acquire consent and hopefully anecdotal health information from a guardian during the on-boarding process. Under the assumption that the student does not come with a Medical Records Identifier, the nurse will need to provide one that may be the only one the student has until majority. The working assumption is that all such ad-hoc Medical Records Identifiers will be accompanied with some biometric information, such as a face picture.

4 Vulnerable Patients

Any patient with serious health considerations that need to be known to any health care provider prior to initiating medical procedures may acquire a medical bracelet with a Medical Records Identifier that can give emergency responders needed information within 2 minutes.

References

  1. Christina Farr, This patient's medical record said she'd given birth twice — in fact, she'd never been pregnant. (2018-12-09) CNBC https://www.cnbc.com/2018/12/09/medical-record-errors-common-hard-to-fix.html

Miscellaneous References