What are the 21st-century requirements for health identity?

The need to resolve patient identity across all healthcare transactions continues to be one of the most pressing problems facing health information.  It has not gotten better, and the need for a solution is greater today than it was just 20 years ago – the last time this problem was seriously addressed.

In 1996, when Bill Clinton signed HIPAA, I, and nearly all of healthcare supported its passage because it authorized the Universal Health Identifier.  A single number, curated by the government, which would be used by all healthcare and related industries to identify patients.   We were sorely disappointed when the implementation of the Universal Health Identifier was blocked.  

Recent action by the House of Representatives has rekindled the hope that the Universal Health Identifier will finally be implemented.But, is the best solution we could find 20 years ago, the right solution for today?  

In the intervening period, many of the dire predictions harnessed by privacy advocates to block implementation have now been shown to be real threats.  In today’s climate of privacy abuse and identity theft, these perils should be taken more seriously.  It seems unlikely that the solution we supported 20 years ago is a solution we should continue to seek and to support.

Of course, Instead of going back to the best solution we could find 20 years ago, we need to seek a better solution for this chronically unsolved problem.  20 years ago, it would not have been plausible to entertain an identity solution that was based on patients carrying mobile computing devices.  

Today, it is not only plausible but, to ignore such would constitute an unforgivable omission.  As we seek the patient identity solution for the 21st century, let’s not look back to the best that the 20th century could supply.

So what are the 21st-century requirements for health identity that protects patient privacy in our new digital world? 

Here is my list:

Self-generated.
Not government issued.

Usage at the will of the person.                                                                                Self-sovereign.

Proof of uniqueness.
One and only one for each person.

Proof of personhood.                                                                                                 Not a robot, linked to DNA.

Not a single Patient ID number.
It is unacceptable to society to have a single number that can unlock an entire health history.

Cross-references the person’s Patient IDs.
Each person’s existing Patient IDs are stored in self-sovereign wallets for self-sovereign cross-referencing.

No computer system modifications required.
Existing Patient IDs continue to be used.

Biometric identity proofing.
For proving identity claims patients make.

Biometric identity matching.
For matching patients to identities when no identity claims are made.

Self-sovereign “break-the-glass” access.
Self-sovereign choice of the identity protocol to be used in an emergency situation.

-What’s your list?  We’d love to hear!