Maintaining patient data integrity is more complicated than ever; cybersecurity threats loom, patients are taking more ownership of their care (self-registration, for example) and health system merger activity is on the rise. It can make the quest for the ever-elusive 1% maximum duplicate rate seem, at times, unattainable.
But a secure, accurate, and duplicate-free MPI/EMPI can be achieved. It just requires a multi-pronged approach to protect data throughout its journey into a health system and at every touch along the way.
Duplicate problems
AHIMA points out that hospitals face an average duplicate record rate between 5% and 10%. However, this figure likely underestimates the true scope of the problem, given one recent study that put the duplicate rate at 18%. Coupled with duplicate rates that suggest as many as 20% of all records are incomplete (up to 40% of demographic data was missing from commercial laboratory test feeds for COVID-19), the problem balloons from what on the surface appears to be relatively innocuous into something much more severe.
In its white paper “A Realistic Approach to Achieving a 1% Duplicate Record Error Rate,” AHIMA notes that duplicate patient records lead to misidentification errors and administrative inefficiencies. In addition, missing data within the record can reduce contact tracing, vaccination, and public health reporting.
The financial toll is equally severe; misidentification costs the average healthcare facility $17.4 million per year in denied claims and lost revenue. Further, while progress is being made on both fronts, the lack of patient identification standards and a unique patient identifier exacerbates the overall problem.
Cybersecurity risks
Along with increased opportunities for duplicate and overlaid records, healthcare organizations face growing cybersecurity threats from all sides. The FBI’s 2021 Internet Crime Report revealed that the healthcare sector dealt with the most ransomware attacks in 2021 of any critical infrastructure sector, with the Internet Crime Complaint Center (IC3) receiving 148 complaints of healthcare ransomware attacks.
HIMSS, in its 2021 Healthcare Cybersecurity Survey, found that phishing (45%) and ransomware (17%) are the most significant security threats and financial information is the primary target. Among survey respondents, 67% indicated that their healthcare organizations experienced significant security incidents in the past 12 months, with 32% stating the security level was high and 12% considering it critical.
The threat is severe enough to have prompted the introduction in the Senate of the bipartisan Healthcare Cybersecurity Act, which would establish a partnership between HHS and the Cybersecurity and Infrastructure Security Agency (CISA) with the goal of improving cybersecurity in the healthcare and public health sector. The Act mandates a study by CISA on the risk facing the healthcare industry that also explores strategies for securing medical devices and EHRs, and how data breaches impact patient care. It also calls for the agency to work with information-sharing organizations and analysis centers to create healthcare-specific resources and promote threat-sharing information and educate healthcare asset owners and operators on managing cybersecurity risks.
End-to-end protection
The first step of every patient encounter is choosing the right patient record. While that’s obvious, it doesn’t always happen in the given moment. However, getting it right at the outset is a critical moment for eliminating medical errors, unnecessary costs, and safety issues associated with an MPI tainted by duplicate records.
Clean patient records at registration prevent downstream contamination into other departments – from clinical to imaging to billing, and enhance revenue cycle efficiencies to reduce AR and decrease denials. Positive patient identification also enables digital transformation across the healthcare system, leading to improved interoperability, patient engagement and even improved patient access.
Because of these drivers, health systems are increasingly aware of and using technology to address patient data integrity issues where they can control them. For example, according to Johns Hopkins Hospital, more than 90% of patient record errors begin at registration. These errors lead to duplicate record creation. In addition, health systems protect against front-end contamination of the MPI/EMPI.
In an end-to-end protection model, mismatched records are prevented and mismatches are caught upfront. However, most EHR patient lookup requires specific processes and data to be entered the field by field, in just the right way. If even one detail is off, a search will yield invalid results and can lead to the creation of a new, duplicate patient record. Current dynamic patient lookup solutions return instant patient results as they are typed into the system search bar, just like a web browser. Everyone involved in the patient matching process can narrow and refine results as they type to achieve positive patient identification.
Such a solution is critical when uncontrolled factors, like a health system merger, AHIMA notes. In these instances, duplicate rates can rise to 20% or more. Conducting data and record clean-ups before merging records or health systems can eliminate patient misidentification. Patient lookup technology can help rectify duplicates, getting about the effort of patient engagement much more quickly.
AHIMA notes that technology that conducts ongoing monitoring can identify and eliminate duplicate records and ensure errant records are eradicated before they can contaminate downstream systems, particularly important during mergers, especially if patient registration and identification issues are addressed early on or from the onset.
Combined management and clean-up ensure accurate patient identification anywhere along the patient journey and at any point in the care continuum. These dual approaches also can protect patient medical records from unauthorized user access, breach, or attack, thus securing all patient information and minimizing the ongoing costs of maintaining quality patient data.
How It Works
Resolve patient misidentification issues by leveraging biometrics to collect images and patient information, creating the patient record within the MPI. Then, that data can be analyzed, cleaned, and returned with a copy of the patients’ photos and corresponding medical record numbers.
Such an approach to MPI/EMPI protection operates in multiple environments. For example, the patient’s photo is taken and attached to their unique medical record during on-site registration. During remote registrations or remote visits, the patient is sent a text message with links to take and submit a selfie-and photo of their driver’s license. The system uses this information to search for any record matches before assigning biometric credentials to new patients.
When integrated into the EHR, healthcare organizations can prevent duplicate record creation during patient registration, ensure remote patient data capture and authentication, and clean patient data across the care continuum. The result is improved patient safety, reduced misidentification-related medical errors, fewer write-offs and denied claims, and reduced cybersecurity threat risks.
In the end, end-to-end EMPI/MPI management and patient identification require a multifaceted approach to tackle one of healthcare’s most prevailing problems and reduce the volume of duplicate medical records while securing patient information and minimizing the efforts required to maintain quality patient data.
About Lora Hefton
As Executive Vice President, Lora oversees all aspects of Harris Data Integrity Solutions, including its vision, strategy, controls, procedures, development, distribution, support, as well as ensuring it has the people to deliver quality services and solutions to healthcare entities while maintaining growth. She joined Just Associates in 2010 and, prior to its acquisition by Harris Computer, served as Chief Operating Officer working closely with its founders to expand the solutions and services offered by the business.