SIST-TP CEN/TR 15872:2014
(Main)Health informatics - Guidance on patient identification and cross-referencing of identities
Health informatics - Guidance on patient identification and cross-referencing of identities
CEN/TR 15872 addresses the issue of multiple identifiers that may refer to the same person. It describes the management of patient identification and cross-referencing of identities and provides some practical guidance for addressing implementation of standards, reports, guidelines, methods, etc. The need to identify a person unambiguously is an important component for the interoperability of health information systems. Within healthcare there is an essential requirement for good quality information, not least to uniquely identify an individual to ensure that the appropriate and relevant care can be delivered irrespective of geography, time and situation. To ensure that health care providers have access to information about an individual patient, it is vital that the patient can be reliably identified within a Health Care Information System. Currently, a given patient may have several identifiers corresponding to different geographical locations, different health care organisations or various specialities. The allocation of multiple identifiers and related processes increases the risk of identification error within one or more information systems and as a result, might compromise the safety of a patient.
Medizinische Informatik - Leitfaden für die Patientenidentifikation und Kreuzrefernzierung von Identitäten
Informatique de santé - Guide sur l'identification du patient et le référencement des identités
Zdravstvena informatika - Smernice za identifikacijo pacientov in njihova uporaba v navzkrižnih povezavah
CEN/TR 15872 obravnava vprašanje več identifikatorjev, ki se nanašajo na isto osebo. Opisuje upravljanje identifikacije pacientov in njihovo uporabo v navzkrižnih povezavah ter zagotavlja praktične smernice za obravnavo uvedbe standardov, poročil, smernic, metod itd. Potreba po nedvoumni identifikaciji posameznikov je pomemben sestavni del za interoperabilnost zdravstvenih informacijskih sistemov. V zdravstvu obstaja bistvena zahteva za dobro kakovost informacij, tudi za to, da je mogoče nedvoumno identificirati posameznika ter tako poskrbeti, da mu je mogoče zagotoviti primerno in ustrezno nego, ne glede na kraj, čas in situacijo. Bistvenega pomena je, da je mogoče pacienta zanesljivo identificirati v zdravstvenem informacijskem sistemu, da se zagotovi dostop ponudnikov zdravstvene nege do informacij o posameznem pacientu. Določen pacient ima lahko trenutno več identifikatorjev po različnih geografskih lokacijah, različnih zdravstvenih organizacijah in različnih specializacijah. Dodelitev več identifikatorjev in povezanih postopkov poveča tveganje za napako pri identifikaciji v enem ali več informacijskih sistemih ter lahko posledično ogrozi varnost pacienta.
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
SIST-TP CEN/TR 15872:2014
01-julij-2014
Zdravstvena informatika - Smernice za identifikacijo pacientov in njihova uporaba
v navzkrižnih povezavah
Health informatics - Guidance on patient identification and cross-referencing of identities
Medizinische Informatik - Leitfaden für die Patientenidentifikation und Kreuzrefernzierung
von Identitäten
Informatique de santé - Guide sur l'identification du patient et le référencement des
identités
Ta slovenski standard je istoveten z: CEN/TR 15872:2014
ICS:
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
SIST-TP CEN/TR 15872:2014 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST-TP CEN/TR 15872:2014
---------------------- Page: 2 ----------------------
SIST-TP CEN/TR 15872:2014
TECHNICAL REPORT
CEN/TR 15872
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
March 2014
ICS 35.240.80
English Version
Health informatics - Guidance on patient identification and cross-
referencing of identities
Informatique de santé - Guide relatif à l'identification des Medizinische Informatik - Leitfaden für die
patients et au référencement croisé des identités Patientenidentifikation und Kreuzreferenzierung von
Identitäten
This Technical Report was approved by CEN on 17 February 2009. It has been drawn up by the Technical Committee CEN/TC 251.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 15872:2014 E
worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
Contents Page
Foreword .4
1 Scope .5
2 Normative references .5
3 Terms and definitions .6
4 Patient identity management .8
4.1 General .8
4.2 Concepts .8
4.2.1 Patient Identity .8
4.2.2 Patient identifier domain .9
4.2.3 Examples of patient identifier domain . 10
4.3 Identity management process . 10
4.3.1 General . 10
4.3.2 Care provision use case . 10
4.3.3 The identity management process. 12
4.3.4 Patient Identifier Domain Policy . 13
4.3.5 Basic process actions . 14
4.3.6 Identity utilization or referencing action . 15
4.3.7 Identity maintenance action . 15
4.3.8 Methods of deleting patient identity . 17
4.4 Identification anomalies . 17
4.4.1 General . 17
4.4.2 Homonymy . 17
4.4.3 Duplicates . 17
4.4.4 Collision . 17
4.5 Exceptions . 18
4.5.1 General . 18
4.5.2 Non-identified patient . 18
4.5.3 Patient with uncertain traits . 18
4.5.4 New-born . 18
4.5.5 Identification under anonymity . 18
4.5.6 Intentional use of multiple identities . 19
5 Cross-reference patient identity management . 20
5.1 General . 20
5.2 Concepts . 20
5.2.1 Cross-referencing identifier domain . 20
5.2.2 Sharing medical information between healthcare providers . 21
5.3 Identity cross-reference management process . 22
5.3.1 General . 22
5.3.2 Cross reference Patient identifier Domain policy . 23
5.3.3 Identities matching action . 23
5.3.4 Identities Query action . 24
5.3.5 Maintenance action. 24
6 Recommendations . 25
6.1 General . 25
6.2 Use Case 1: Within a healthcare organization . 26
6.2.1 Healthcare providers — Organizational requirements . 26
6.2.2 Software suppliers . 26
2
---------------------- Page: 4 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
6.2.3 Insurance providers . 27
6.3 Use Case 2: Healthcare coordination . 28
6.3.1 General . 28
6.3.2 Between healthcare providers . 28
6.3.3 Software suppliers . 30
6.4 Use case 3: Cross-border, the Europe case . 30
6.4.1 General . 30
6.4.2 Organizational requirements . 31
6.4.3 Information system . 31
Annex A (informative) Policy charter of the patient identifier domain . 33
A.1 Policy Charter of the Patient Identifier Domain . 33
Annex B (informative) Norms, standards and other references . 36
B.1 General . 36
B.2 ISO/TS 22220:2011, Identification of subject of Healthcare . 36
B.3 IHE and profiles supporting Patient identification . 36
B.4 Netc@ard for eHIC: Electronification of Healthcare Insurance Card . 38
B.5 FIDIS Future of Identity in the Information Society . 40
Bibliography . 41
3
---------------------- Page: 5 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
Foreword
This document (CEN/TR 15872:2014) has been prepared by Technical Committee CEN/TC 251 “Health
informatics”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
4
---------------------- Page: 6 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
1 Scope
This Technical Report addresses the issue of multiple identifiers that may refer to the same person. It
describes the management of patient identification and cross-referencing of identities and provides some
practical guidance for addressing implementation of standards, reports, guidelines, methods, etc. The need to
identify a person unambiguously is an important component for the interoperability of health information
systems.
Within healthcare there is an essential requirement for good quality information, not least to uniquely identify
an individual to ensure that the appropriate and relevant care can be delivered irrespective of geography, time
and situation. To ensure that health care providers have access to information about an individual patient, it is
vital that the patient can be reliably identified within a Health Care Information System. Currently, a given
patient may have several identifiers corresponding to different geographical locations, different health care
organisations or various specialities. The allocation of multiple identifiers and related processes increases the
risk of identification error within one or more information systems and as a result, might compromise the safety
of a patient.
The quality of identification ensures that health care providers have access to patient information, facilitating
closer coordination and continuity of care, improving service in terms of prevention and follow-up. Quality will
be pursued within the framework of:
— medical care in a hospital information system (HIS): covering all the stages from patient identification to
admittance to the health care organization or directly to the care unit or emergency care, through to the
issuing of reports by the different health care services (medical and medico-technical services);
— continuity of care;
— patient mobility.
Because electronic heath care records may be updated by several and various healthcare providers over a
long period of time, the patient identification needs to be formalized in such a way to ensure that the correct
patient’s healthcare record is being accessed.
In the regions or the countries where a national unique patient identifier is not used, the patient is identified by
using patient identifiers for each healthcare system, wherever the patient is registered. Even within an
individual healthcare organization, the patient may be identified by a specific identifier for an individual ward or
a medical support unit. To ensure the continuity of care and the sharing of patient information, it is necessary
to reliably link together the different patient identities within what we will call a “patient identifier cross-
reference domain”.
The need to cross-reference identities appears when a healthcare provider wants to access all the healthcare
information for one patient and that information is contained in different healthcare systems managed by
several healthcare professionals or organisations.
In recent years, many research studies and implementations have taken place to try to resolve this issue. This
document provides an overview and proposals for the management of the patient identities and the cross
referencing of identities and provides guidance for authorities, organisations, project managers and users.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
5
---------------------- Page: 7 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
ISO/TS 22220:2011, Health informatics — Identification of subjects of health care
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
alias
assumed name that can be specifically applied to disguise identity, which, in a healthcare situation, might be
used to protect a famous person receiving treatment or an individual receiving sensitive treatment in, for
example, a drug or alcohol rehabilitation unit or sexual health clinic
[SOURCE: ISO/TS 22220:2011]
3.2
collision
case in which two or more different patients are represented by the same patient identity
EXAMPLE In the cardiology service, the nurse who is consulting the record of Mr Jean Martin, finds that some data
are not consistent between then (for example, in the same day, two effort trainings were done). She suspects a collision of
th
two patients. After checking the patient identification server, she detects two Mr Jean Martin; one is born in January 25 ,
th
1950 and the second on June 25 , 1950.
[SOURCE: IHE-PIX]
3.3
duplicate
case in which several identities represent the same patient in the same patient identifier domain
3.4
federation cross-referencing index
index that carries the federative identities within a federation cross-referencing domain
3.5
healthcare provider
person or organization who is involved in, or associated with, the delivery of healthcare to a patient, or caring
for patient wellbeing
3.6
identifier
sequence of characters which is used by one or more systems to represent a person (a patient) and reference
individual information within his care process and which is unique within a Patient Identifier Domain and linked
to the traits of the Patient
Note 1 to entry: The identifier is called Subject of Care identifier in ISO/TS 22220.
EXAMPLE They are many types of identifiers: Person identifier, Patient identifier, Unit record Number.
3.7
linked identities
case in which, for a given patient, several identities (duplicates: see above) were created, which can lead to a
clash between them
Note 1 to entry: The identification system will have the capability of keeping track of these duplicate identities. After
correction, the duplicate identities are linked and one of the identity becomes the primary and the others become “ghost”
identities. When new healthcare information is recorded, they will be attached to the Patient Identity Source.
6
---------------------- Page: 8 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
EXAMPLE Ms Alice Berthon got married between two stays in hospital. She prefers now to use the name of her
husband Mr. Martin. It is possible that within EHRs, she has two records: one with one identifier and the name of Berthon
and a second record with another identifier and the name of Martin. This is a duplication and these need to be kept track
of and solved. After correction, the duplicate identities are linked and one of the identities (Miss Berthon) becomes the
primary and the others becomes “ghost” identities.
3.8
Patient Identifier Domain
domain in which, in the ideal world, the patient has one and only one Patient identifier and a common
identification scheme which is used between systems for sharing healthcare information within the domain,
and in which the identifier is assigned by the assigned authority
EXAMPLE 1 Hospital St Vincent is a Patient Identifier Domain. The patient of the Hospital St Vincent is identified at the
entrance with one and only identifier. All systems in hospital share the same patient identity delivered by one system: the
Patient Identity Source.
EXAMPLE 2 The Insurance which delivers an Insurance card with identifier is an Insurance Identifier Domain. The
country which delivers a citizen card is a citizen Identifier Domain.
[SOURCE: IHE-PIX]
3.9
Patient Identifier Cross-reference Domain
domain which consists of a set of Patient Identifier Domains, known and managed by a Patient Identifier
Cross-reference Manager Actor who is responsible for creating, maintaining and providing lists of identifiers
that are aliases of one another across different Patient Identifier Domains
Note 1 to entry: The Patient Identifier Cross-reference Domain embodies the following assumptions about agreement
within the group of individual Identifier Domains:
• they have agreed to a set of policies that describe how patient identities will be cross-referenced across participating
domains;
• they have agreed to a set of processes for administering these policies;
• they have agreed to an administration authority for managing these processes and policies.
Two models of implementation of a Patient Identifier cross-reference domain can be managed:
• Federation Patient Identifier cross-reference domain, where one member of the identities in the Cross Referencing
Information System is always the federative identity (the Master),
• Correlation Patient Identifier cross-reference domain, where the Cross Reference manager actor manages a list of
identities defined in the cross referenced identification domains where all patient identities are in the same level.
EXAMPLE 1 In England and in the Netherlands, at the country/regional level, the NHS number or the BSN are the
federative identifier. When two healthcare providers want to share medical information for a patient, they refer to the NHS
number in UK or BSN in the Netherlands.
EXAMPLE 2 In a country where the national identifier does not exist, a patient who has several medical records split in
several healthcare provider systems, the mechanism to link all the records is based on a correlation model where the list
of all patient identifiers linked to the patient identifier domains is available.
3.10
Patient Identity
representation of a real person within a Patient Identifier domain (called also Patient identifier Assigning
Authority), which, by extension, could also represent a fictional person for some purposes (testing or training)
Note 1 to entry: The patient identity is composed of:
7
---------------------- Page: 9 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
— an identifier, ID;
— a set of traits, {T}.
EXAMPLE The person named M. Jean Martin is represented in the hospital St Vincent in Paris by the record
(sample): “23654, Martin, M., Jean, Male,19500125”.
3.11
Patient Identity versions
patient's traits that are changed because of events during the life and that then need to be modified or
corrected
Note 1 to entry: The author of the modification will have the permission to update the record and the modification will
be done in a controlled procedure and audited.
EXAMPLE 1 Ms Alice Berthon was represented in hospital St Vincent as “23478, Berthon, Miss, Alice, Female,
19800325, v1”.
She got married and now she preferred to be named Ms Alice Martin. The representation will be changed
on “23478, Martin, Ms, Alice, Female, 19800325, v2”
EXAMPLE 2 Mr. Richard Louis Kerren was an outpatient in hospital St Vincent and he was represented as “43542,
Kerrene, Male., Richard, Louis, Male,19540613,v1”.
When he comes back to hospital for a second visit, the administrative staff searches his name and they
do not find the record. After a careful research, they discover that the name was not correctly registered.
They update his name: the new representation is “43542, Kerren, Male, Richard, Louis,
Male,19540613,v1”.
3.12
traits
characteristics defined in a Patient Identifier domain, and “commonly” used in the real world, as a part of a
patient identity
Note 1 to entry: These could be criteria in the query of patient identity in the Patient. The Patient Identity Source Actor
is retrieved when the criteria of the query meet the traits in the Patient Identity Source Actor.
Note 2 to entry: See Service Functional Model for the Entity Identification Service.
4 Patient identity management
4.1 General
In this section, we will provide the definition of the concepts used by the management process of the patient
identity. It is following by a section on the cross-referencing management which completes the description by
the management of patient identity between several healthcare providers within a cross reference domain.
4.2 Concepts
4.2.1 Patient Identity
Within a Patient Identifier Domain, the patient is a real person represented by an identifier and a set of identity
characteristics called traits:
8
---------------------- Page: 10 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
Figure 1 — Definition of the qualified identity
In the case where the identification of the domain is not explicitly given, the identity is called unqualified
identity.
The traits are characteristics as name or subject of care name (ISO/TS 22220), first name, sex, date of birth,
address, etc. However some traits are more constant than the others. The constant traits form the strict traits.
Other traits can be categorized:
— extended traits: traits describing the patient such as Insurance number, mobile phone number, etc;
— specific traits such as food habit, medical specificities, etc;
— technical traits such as status of the patient identity, validity, indicators, etc.
4.2.2 Patient identifier domain
The Patient Identifier Domain is the context in which the identities described above are managed. It may be all
or part of a single organization, or a group of organizations. The Patient Identifier Domain is associated with a
Patient Identifier Assigning Authority, an organization, agency or provider that allocates patient identifier
designation.
In the identification process (see Figure 2), the arrow shows that the actor A accesses the identity id = D: ID -
{T} and uses it to point the patient information (e.g. the patient record) in order to consult and update it.
Figure 2 — Representation of the Patient Identity Source
Additionally, a Patient Identifier Domain has the following properties:
— a set of policies that describe how identities will be defined and managed according to the specific
requirements of the domain;
— an administration authority for administering identity related policies within the domain;
9
---------------------- Page: 11 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
— a single system, known as a patient identity source system, that assigns a unique identifier to each
instance of a patient-related object as well as maintaining a collection of identity traits;
— ideally, one and only one identifier is assigned to a single patient within a given Patient Identifier Domain,
though a single Patient Identity Source; generally because of errors or safety (when there is a doubt on
the identity and to prevent a wrong assignment with an existing patient identity) during the process, it may
assign multiple identifiers to the same patient;
— a Patient Identifier Domain Identifier is unique within a Patient Identifier Cross-reference Domain.
Other systems in the Patient Identifier Domain rely upon the identifiers assigned by the patient identity source
system of the domain to which they belong. (From IHE-PIX.)
4.2.3 Examples of patient identifier domain
The nature of the Patient Identifier Domain can be various depending of the regulation of the country:
— Health domain with a clear separation with the insurance domain:
the patient identifier could be national or local;
— Insurance domain;
— Citizen domain: in this case, a passport or national ID card:
could be used in healthcare to identify the patient.
Figure 3 — Identifier domains linked to one person
When a patient travels from country to country and when he has a contact with healthcare providers, the
process of identification is different. This problem is identified and addressed in this document.
4.3 Identity management process
4.3.1 General
In this section, the processes of identification are shown and illustrated by a care provision use case in
hospital.
The term “Identity management process” is preferred to the term “identification process”. The Identification
process is in fact a part or is included in the identity management process as the sub process of the creation
or update of the patient identity.
4.3.2 Care provision use case
The interest of this use case is that many of principal actions of the identity process management are
inventoried as shown below. The scenario assumes that all systems involved in it are in the same Patient
Identifier Domain.
This scenario “Caring in In-Patient setting” is split into two different sub-scenarios:
— caring in ward unit;
— caring in medical-technical unit.
10
---------------------- Page: 12 ----------------------
SIST-TP CEN/TR 15872:2014
CEN/TR 15872:2014 (E)
Figure 4 — Care process in hospital
Different actions are performed, related to the episode and to the services provided to the patient:
— To arrange an appointment for admission: in many countries, the appointment for admission is made
by telephone. At this stage, when the Admissions Clerk or the Consultants Secretary registers the patient
identification; Errors can occur (when the Admissions Clerk or the Consultants Secretary has not
understood the name or does not spell the name correctly and the patient information is errone
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.