substance abuse ehr software

Patient Identification, a Problem In Need of a Solution

For a facility that treats a couple hundred patients, each of whom is known to the staff, proper patient identification is only a concern for new patients and identical twins. For large, multi-site treatment providers uniquely and properly identifying patients is a real challenge.

It’s estimated that 8% of all the medical records in the United States are duplicate records, in spite of the fact that many large organizations already use Enterprise Master Patient Index (EMPI) solutions minimize patient identification errors.

The problem is exponentially larger across the spectrum of healthcare in general. Consider that every individual patient must be properly identified by every one of their treatment providers, by each of their insurers, within each software system, at each level, up to and including the national level for specific requirements such as pandemic reporting to the CDC.

The monetary cost of patient misidentification is estimated to be over $6 billion annually across the U.S. healthcare system. This 2016 report provides some non-monetary quantifiers:

  • Misidentification is the cause for 30% of medical errors and 35% of all denied claims.
  • 86% of respondents to the report’s survey witnessed a medical error attributed to misidentification.
  • Identity fraud due to stolen or shared identification cards impacts 2.3 million patients each year which is expected to grow at a rate of 20% annually.

It is remarkable that prior to 1996 the authors of the Health Insurance Portability and Accountability Act (HIPAA) foresaw this problem and proposed solving it by requiring use of a unique health identifier for every patient. That mandate was later overruled due to concerns about patient privacy and uncertainty as to whether it would actually help.

Though it was still in discussion as late as 2019, one industry expert suggests that a national patient ID won’t solve the problem, citing that the it is “fundamentally the result of proprietary systems unwilling to integrate or communicate”. He proposes that the solution will require a societal-level solution using “an algorithm-based enterprise master patient index (EMPI), augmented with other technologies, and combined with policies to improve data quality at point of capture”. If that sounds complicated, it is. 

While waiting for society to solve the problem collaboratively, there are things that every provider can do today to improve patient identification internally. Among them:

  1. Implement policies and procedures to improve data collected at time of admission.
  2. Require at least 3 identifiers to be used at every contact and provision of service.
    1. Those might be the patient’s family and given names, address, date of birth, sex, medical record number, individual healthcare identifier, etc.
  3. Ask patients directly to verify their identifiers at every point of contact.
  4. If your organization uses multiple software systems, consider implementing an internal EMPI to ensure that identification is consistent and is maintained across those multiple internal systems.
  5. Leverage data from central patient registries to ensure consistency between organizations.

SMART integrates with central registries in certain locales and can be integrated with others and with EMPI solutions using SMARTBridge™. While these are added-cost solutions, the benefits they offer provide substantial value and reduce both risk and costs of dealing with patient misidentification. For the best in substance abuse EHR software news, keep checking back. 

substance abuse ehr software

Protect Your Patient Data – Someone Is Phishing for You!

What is “phishing“? It’s fraudulent attempts by criminals to steal computer accounts and passwords. The term was coined in the early 1990’s when the internet was young, with only a few million user accounts. Most people today have multiple accounts, providing billions of potential targets today.

Make no mistake, regardless of who you are, the size of your organization or the strength of your technology resources, you are under attack. How can we be so sure? Experience, and taking into consideration the value of the prize: one patient’s medical record could fetch $1,000 on the “dark web“.

Even small, neighborhood clinics are targets now. An unfortunate example is a small ear-nose-throat practice in Battle Creek Michigan that fell victim to a ransomware attack in early 2019, rendering their systems inoperable, losing years of patient data and forcing them to close their doors.

Spam filters and internet security software do improve safety. None can protect you against 100% of the threats. This is especially true for “zero-day threats” and non-computer-based attacks such as cell phone text messages. The strongest protection available is a “human firewall“. It’s you!

The most common form of phishing is done with very realistic-looking, seemingly appropriate emails:

  • Have you received one that looked convincingly like it was from Linked In asking you to confirm your identity?
  • How about one from UPS or FedEx telling you your package was on the way, containing a link to check its status?
  • Did you get one from what looked like your organization’s Information Technology staff, telling you that systems had been compromised and you must change your password!

The realism of these emails is astounding, but there is one simple thing you can do to defeat them:

  • Never click a link directly! Always hover over any link with your mouse and look at the bottom left of your screen to see the actual link. Here are some examples of things to look for: 
    • https://confirm.lnkedin.com (the domain is “lnkedin” rather than “linkedin”)
    • http://tracking.fedex.xt77yq.com (http is NOT secure; the domain not fedex.com)
    • https://IT.yourcompanysite.ru (your company’s site name doesn’t end in “.ru”!)

In general, don’t trust any link you receive in email, text message, or in a document…like this one! The links here are “legit” but use them to practice the hover technique before clicking any of them.

For text messages, it’s usually not possible to confirm the link. Rather than tap on it, avoid it. Enter the actual site address in your browser and access the needed feature from there. For example, if you do need to track a package, visit https://fedex.com and click the “Tracking” link.

The COVID-19 pandemic has actually increased the volume of phishing attacks. Stay safe, be vigilant, protect your data.