Information Governance Practices Can Reduce Consumer Concerns about Revealing Social Security Numbers
As news of health data and credit card security breaches continue to make news, consumers are growing warier of sharing forms of identification with healthcare providers such as Social Security Numbers (SSN). A recent study by LexisNexis Risk Solutions found fewer than three in 10 consumers are willing to share their full SSNs with their healthcare provider. However, information governance practices may be able to help providers reduce their reliance on SSNs.
As the study notes, “Current verification systems which collect name, address, email address, SSN, driver’s license numbers, date of birth, phone numbers, insurance information, and some form of medical history for health care transactions are deemed effective. However, there is an ongoing struggle in the industry on how to manage and protect the vast amounts of information collected by both providers and payers.”
Indeed, AHIMA has published practice briefs on limiting the collection of SSNs as patient identifiers. Asking patients for their full SSN increases the patient’s vulnerability to fraud and identity theft, and federal agencies have pushed for alternatives. Medicare, however, uses the SSN as a patient identifier.
Strong information and data governance practices, particularly those focused on reducing duplication of health records, can ease reliance on SSNs and create more secure systems that are less prone to breaches.
“Strong information governance that addresses patient identity integrity and accurate patient matching is key to a patient-centric health system and patient-centric processes,” wrote the authors of an AHIMA practice brief, titled “Managing the Integrity of Patient Identity in Health Information Exchange.”
In the brief, AHIMA recommends the following tasks for to improve data and information integrity by health information organizations (HIOs):
- Measuring and reporting to a governance board the rate of duplicate records and the integrity of the data by de-identified data source.
- Providing to the appropriate provider organization the list of potential duplicates for internal reconciliation.
- Notification to the appropriate provider organization for potential overlaid records.
- Validating and linking potential overlap pairs verified to be the same patient. These potential overlaps have a record match score that is below the auto-link score threshold, but are weighted high enough to warrant manual review. Often an additional 50 percent of the auto-linked pair volume can be manually linked after human review.
- Periodically measure the HIO’s record matching algorithm’s performance to ascertain the false positive and false negative rate.