Driven by legislation and government policy makers, patient safety has motivated healthcare organizations large and small around the nation since the mid-1990s. From preventing medication and surgical errors to combating hospital acquired infections, much healthcare information technology (HIT) has been designed and dedicated to this effort. However, a recent survey of senior IT executives given at the 2008 HIMSS Conference and Exhibit indicates that access to patient records and compliance with HIPAA regulations has joined patient safety at the top of their lists.

Possibly motivated by several high-profile security breaches, IT executives now consider protecting patient privacy and securing access to private patient data as important as protecting patients’ health. For in a world where identity theft and insurance fraud are daily occurrences, hospitals find themselves both responsible and exposed.

Fortunately, there’s no need for hospitals to “switch gears” from protecting patient safety to securing patient data. Technology exists that provides both, is easily installed and is affordable.

New Ground

One healthcare pioneer that’s adopted such a system is ValleyCare Health System in Pleasanton, Calif., a northern Calif.-based not-for-profit health system with 212 beds on two campuses that’s been providing family care to the tri-valley and surrounding areas since 1961. Led by CEO Marcy Feit, who began her career at ValleyCare more than 30 years ago as a Nurse’s Aid, the intrepid staff of 300 dedicate themselves each day to advancing patient care. Feit considers ValleyCare to be a medium-sized hospital in competition with healthcare giants Kaiser Permanente and Sutter Health, among others, but acknowledges that the organization’s efficient use of resources enables her to adopt technologies quickly, which she feels gives ValleyCare an advantage.

Improper patient identification can have tragic consequences. Conversely, a dependable patient identification method has the reverse effect — patients are safer, and fraud and identity theft are averted.

“When you’re a stand alone, your ability to make decisions and to respond quickly is better than in mega-organizations,” she says. “Usually, they want to do things globally — for all hospitals simultaneously — so there’s a lot more that goes into it.”

Like most healthcare organizations in America today, Feit’s top priorities for ValleyCare include ensuring patient safety and preventing identity theft and fraud; however, unlike many CEOs who primarily focus on growing the business side of their organizations, Feit’s experience in nursing roots her strongly on the patient safety side.

“We’ve spent a great deal of time making sure that we’re treating the right patient,” she says. “We want to confirm that we’re treating John R. Jones and not J. Ruben Jones, because if one is a diabetic and the other isn’t, and we’re treating one of them in the ED, and we’ve pulled the wrong medical record, we could be providing inappropriate treatment.”

One way this happens involves duplicate medical records, which are created when patients give alternate variations of their names during registration. A patient might give John R. Jones on one visit and J. Richard Jones on another, and J. R. Jones on another. Without a method for preventing this, duplicate records can be created that hinder caregivers and threaten the patient’s safety.

“People don’t realize that those kinds of inconsistencies can be very dangerous,” says Feit. “I think in the future, identification will become critical for conducting business in healthcare.”

Authentication

The noninvasive, contactless biometric technology authenticates patients during registration using near-infrared light to illuminate the veins in the patient’s palm and record an image of the “print.” This identification method is considered highly accurate, since each person’s vein pattern is unique. Even between identical twins, enough variation exists to create a unique identifier that’s stored and associated with the patient’s medical records. This identifier fulfills one of the two forms of authentication that are required under HIPAA regulations when hospitals register patients.

Originally developed to authentic bank customers at ATMs in Japan, the diminutive healthcare version connects to the registration workstation computer, which also connects it to the hospital’s network and the organization’s master patient index (MPI) database. During registration, staff offers patients the opportunity to have their palms scanned and added to their electronic medical record. Once added, even unconscious patients can be instantly identified and treated, making palm scanning not only a beneficial tool during registration but in the ED as well.

“Many patients arrive in a delirium, so they’re not reliable sources for giving us their identification,” says Feit. “It takes time to find a family member or a neighbor to tell us who we’re treating, and many times the ambulance drivers aren’t successful in bringing identification. The patient is in such extreme condition the drivers are anxious to get the patient to us and can’t spend the time searching the house for an ID.”

Implementation

ValleyCare differs in another way from many larger healthcare organizations — the hospital outsources nearly all of its IT needs, including staff, to a 3rd-party organization. In this case that’s Siemens, which keeps IT personnel on site who report to Ken Jensen, ValleyCare’s CFO, who manages all IT contracts. ValleyCare leases its hospital information system (HIS) from Siemens, which maintains the network technology off site. According to Jensen, the symbiotic relationship serves ValleyCare well and contributed to the successful integration of the palm-scanning technology into ValleyCare’s HIS.

“We found the Fujitsu product at one of our trade shows,” says Jensen. “One of the reasons we wanted a more unique identifier was to make sure that we minimized duplicate medical records, but we also wanted to rely on Registration to properly identify the patient and get all the financial information so we could bill. Patient throughput is also important to us. The faster we get them out of the waiting room, the faster we get them into the hospital and can treat them.”

Rogel Reyes, director, Patient Access for ValleyCare worked directly with Tampa, Fla.-based HT Systems to integrate the technology company’s PatientSecure system and Fujitsu’s PalmSecure scanning technology with ValleyCare’s existing Siemens HIS to create the PALM authentication and registration system, which went live on Sept. 30 after a 90-day rollout.

“Palm vein biometric authentication is 100 times more accurate than a fingerprint,” says Reyes. “All of the registration areas where patients get checked in for any type of service — whether it’s the lab, diagnostic imaging, emergency department or inpatient services — all of our patient intake rooms have the scanner. Since we went live, registration is faster because patients returning for repeat services aren’t asked to provide their ID or insurance cards each time. They just place their palms on the scanners and within seconds the system displays their medical records.”

ValleyCare also implemented an infection control policy that requires the operator to wipe down the palm scanner each time it’s used with hospital approved antibiotic wipes to ensure that it’s free of biological contaminants at all times.

An Industry Pioneer

ValleyCare is the first hospital system in the western U.S. to implement such a system, motivated in part by a strong focus on patient safety and identity protection, but also in part by the Federal Trade Commission (FTC). Beginning on Nov. 1, 2008, the FTC’s Identity Theft Red Flag regulations went into effect, which requires healthcare providers to establish programs that secure patient medical records and block identity theft, as part of the Fair and Accurate Credit Transactions Act. In today’s technological world, it’s only natural for technology to play a role in fulfilling that mandate; however, there have been challenges.

“The population that’s a little more hesitant to enroll in our PALM technology is the elderly patients,” says Reyes. ValleyCare does not require patients to enroll, it’s simply offered as an alternative to traditional identification. Patients are free to opt out and many do.

“Our younger patients seem to be more accepting, while our older patients tend to ask more questions about what it is,” says Jensen. Skeptical older patients are a healthcare industry reality; and though each year demand for technology increases among providers (to the point where without a strong technology base, hospitals can find it difficult to attract new physicians), among patients, acceptance of technology is not an imperative. And, since Boomers are the fastest growing patient population, it’s questionable whether adopting technology will be a benefit or a detriment to hospitals going forward. Nevertheless, mandates are mandates and ValleyCare, like many provider organizations, sees technology as a necessary link to a brighter healthcare future.

Financial Incentives

From a business perspective, switching from printed registration cards to palm scanning might not present a cost benefit; however, it’s much more accurate in identifying patients and can prevent fraud. In 2007, ValleyCare found itself in court after a mismatched blood type alerted an insurance organization that something was amiss concerning a $100,000 surgery bill for which the health plan had already remitted the hospital for the claim.

“We got paid and then the insurance company took the money back,” says Jensen. Unbeknownst to ValleyCare, a sibling of the registered patient had switched registration cards and undergone the surgery incognito. The health plan investigated the incident and brought criminal charges against the fraud’s perpetrators. “We eventually got paid, but it cost us time and money from a legal standpoint,” he says. Had the changeling’s palm been scanned during the initial registration process and compared against a previously scanned palm, the authentication would have failed to match the on-file records and the jig would’ve been up prior to surgery. At that point, the questions would begin.

“This technology is a way of specifically identifying patients,” says Jensen. “And, long term, it has applications beyond just registration, in terms of errors.”

Going Forward

ValleyCare is considering using the palm-scanning system to authentic physicians as they move from floor to floor, and patient to patient. Currently, physicians log into the hospital’s HIS and type in their identification codes to gain access to patient medical records during their rounds. As with most manual authentication systems, the process is time-consuming and invites error. With palm-scanning, physicians would simply scan their palms upon entering or exiting a floor or a hospital wing, which would increase accuracy and lower costs enterprisewide. The time/cost savings also benefits patients.

Possibly motivated by several high-profile security breaches, IT executives now consider protecting patient privacy and securing access to private patient data as important as protecting patients’ health.

“If patients enroll in the PALM program at the physician’s office level, when they’re referred for hospital services we don’t have to ask them those questions again,” says Reyes. “We just physically scan their palms and from there we can positively identify them.”

Devices such as these play an important role in healthcare, where misidentification can result in fraud, or worse, death. Progressive healthcare organizations like ValleyCare improve the industry overall by adopting new technologies and then sharing experiences that corroborate reports and motivate decision making.

“If you ask each of my executive team, they’ll see the value from their perspectives,” says Feit. “My CFO sees that accurately identifying patients prevents fraud and makes sure the proper information is collected for billing. For me, having this device means improved patient safety. We need to know if a patient is diabetic or on medication or has had a stroke. Then, we can be sure we’re giving the right treatment.”

January 2009