Faughnan Home | FP Web Starter | Contact Info | Glossaries and Links | Site Contents
Comments provided to the AAFP on National Standard Health Care Provider Identifier. Original 6/19/98. Revised: 01 Feb 2002.
My principle comment is that the Federal privacy laws (Privacy Act 5 U.S.C. 552a) that would apply to the proposed identifier are likely too weak. This identifier allows information to be gathered from multiple sources and applied reliably to a single individual. Data aggregation is increasingly problematic in a setting where the public may feel they have a right to know "everything" about their clinician.
I would push for strong limits on how the NPI can be used. Existing Federal law does not suffice. The rules should specify that the strongest privacy protection applies; whether it is the protection provided by this regulation or that provided by other Federal or State regulation. The rules should have explicit rules on who can use the NPI and for what purposes. Use in marketing and sales should be expressly forbidden. Uses in monitoring medical error rates, quality assurance processes, liability claims, etc. should be carefully considered.
This is mostly a debate about who pays. The fairest way to do this is that those who benefit the most should pay to support the system. Presumably the cost savings are such that savings would still remain. If it is the Federal government that benefits (Medicare), then we should oppose attempts to shift their share of the costs onto others. Since providers are likely the weakest group politically, their is substantial risk the cost will be shifted onto us.
The list of approved uses for the NPI may need to be defined further. In particular penalties and enforcement issues may need to be defined. I suspect it is too broad.
SSN: Why do they want to store the SSN? We should strongly resist linking of the SSN to the NPI. This provides too much aggregation power and should be carefully justified. This is an inappropriate use of the SSN.
The data set should contain only data that is absolutely needed, particularly in the absence of very strong privacy protections. We may assume that whatever data is gathered will be increasingly public, irregardless of initial promises. The only protection is not to gather the data in the first place.
Pressure for public acquisiton of this data will grow. This is why only the most limited amount of data should be obtained.
Provider's mailing address may often be the provider's home address. This should not be public. The same may apply to provider's practice address in some settings.
Data that is public will be used by marketers.
A more restrictive level should definitely be created for public access.
We should insist that any data that is distributed for health care workers also be distributed for members of Congress and the Executive Branch. In fact, I'd love to see this in the bill.
There should be reviews of how the NPI is being used every year. Public comments should be solicited.
I couldn't understand the cost/benefit tables. Need more data on legends.