Creating new Medicare ID raises concerns for health data handlers
The CMS is getting to work on replacing Social Security numbers as identifiers for 150 million Medicare recipients, both living and dead.
By the end of 2019 the agency intends to use randomly generated identifiers instead of the health insurance claim number, composed of a Social Security number plus one or two letters. The proposed new ID will have seven numeric and four alphabetical characters.
This is happening because Congress, in the 2015 Medicare Access and CHIP Reauthorization Act, gave the CMS four years to issue cards to Medicare beneficiaries that don’t have Social Security numbers printed on them. The provision is intended to make seniors less vulnerable to identity theft. Some industry stakeholders, however, are already griping that the way the Obama administration is carrying out the mandate will further stratify the flow of healthcare data.
The planned conversion requires reprogramming 75 complex legacy information technology systems that the CMS and its contractors use to process Medicare claims, according to the agency. It would also mean updating hundreds of thousands of privatesector computers that handle healthcare claims. The users will include hospitals, physician practices, claims clearinghouses, billing companies, post-acute providers and Medicare Advantage carriers.
A CMS spokesman said the agency would solicit input from the industry “at various points throughout the project to ensure a smooth transition that maintains beneficiaries’ access to care while avoiding disruptions to the payment process.”
Finding the right approach to matching patients to their health information has been controversial for decades. Twenty years ago, Congress called for the creation of a national patient identifier—to be used by all payers, not only Medicare—in the Health Insurance Portability and Accountability Act.
But the Clinton administration blocked federal spending on the initiative because of privacy concerns, and Congress then passed a similar ban that still stands.
Some health IT experts wonder if the CMS is wasting time and money creating yet another payer-specific identifier. The MACRA mandate is for Medicare to scrub Social Security numbers from beneficiaries’ cards, not necessarily to generate a new ID.
“We have identifiers in the DoD (Department of Defense), the VA (Veterans Health Administration) and insurance companies,” said Russell Branzell, CEO of the College of Healthcare Information Management Executives, a professional association for hospital and health system CIOs. “We have identifiers everywhere.”
Branzell called the Medicare proposal “one more great example of the fractionalizing of our identification system.”
By April 1, 2018, all organizations that process Medicare claims must have their IT systems modified to send or accept the new IDs, according to the government’s timeline.
The CMS will assign the new identifiers to nearly 60 million active Medicare beneficiaries and to 90 million former beneficiaries who are deceased and have had their records archived. The agency plans to use both the old and new ID numbers during a transition period that would end in December 2019.
“Part of this is for security reasons, privacy reasons, and that’s a good idea,” said Stanley Nachimson, a health IT consultant in Baltimore. “Unfortunately, it’s a big deal for not only CMS, but all of the providers and insurance companies.”
The proposed timeline is adequate, Nachimson said, although he noted the conversion will come as physicians adopt new technology to meet MACRA’s quality reporting requirements. The biggest challenge for healthcare providers won’t be reprogramming computers but rather getting everyone to use the new IDs, he said. “This is a big information and education project as well as a technical project.”
CHIME, meanwhile, is in the homestretch of a contest the organization sponsored to solicit the best way to identify patients and electronically match them to their records. The solution may not involve an ID at all. It could be a matter of finding a sufficiently reliable algorithm based on multiple bits of personal information, such as names, birthdates and addresses.
But Dr. Charles Jaffe, CEO of Health Level Seven, a standards development organization specializing in healthcare IT, remains optimistic that the government and the industry will embrace a true national identifier.
“We have a changing Congress and a changing notion as to what people are entitled to,” Jaffe said. “I think health is an entitlement that we all expect and we can’t get it without health information exchange—and the absence of an identifier is a barrier to that exchange.”
Some health IT experts wonder if the CMS is wasting time and money creating yet another payer-specific identifier.