Congressional Newsletter
Monthly updates to Congress on RAND's work in health policy

The Costs and Benefits of Alternative Patient Identification Schemes in a National Health Information Network

stethoscope on computer keyboard

Capitol Hill continues to examine the issue of implementing health information technology (HIT). Part of the debate revolves around a unique patient identifier (UPI). A RAND study team led by Richard Hillestad recently analyzed and compared two approaches for a UPI across a number of dimensions, including error rates, operational efficiency, costs, and privacy and security issues. Prior RAND research from 2005 (see last item below) estimated that nationwide improvements in health information technology (HIT), if widely adopted and properly implemented, would save money and improve the quality of health care in the United States. Annual savings from efficiency alone could be upwards of $77 billion. A key component of these improvements is a National Health Information Network (NHIN) linking health care information systems across the United States to allow sharing of critical health information swiftly and easily. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandated the development of a UPI, to enable physicians, hospitals, and other authorized users to share clinical and administrative records more efficiently. A UPI could serve as a building block for the new NHIN. Since 2004, the U.S. Department of Health and Human Services (DHHS) has moved forward with steps to develop the NHIN. However, development of a UPI, a key to linking records across the emerging network, has been sidetracked by privacy concerns. These concerns eventually led Congress to bar DHHS from expending funds to develop the UPI. The congressional ban has led to reliance on an alternative approach to creating a patient identifier: the use of statistical matching techniques to identify and access patient information, which involves identifying patients by matching patient data, such as name, address, zip code, or other information, with medical records. Debate in policy circles continues about the relative merits of these two approaches. The recent Hillestad study provides a more factual basis for this debate. The study found that, compared with a statistical matching approach, a UPI should reduce errors and improve interoperability without significantly increasing the risk of security or privacy breaches. A UPI for every individual American would be more expensive to implement, but the additional costs should be viewed in the context of potential cost savings through efficiency and potential improvements in patient safety and privacy protection.

Read the Fact Sheet »

What Are the Real Privacy Concerns Surrounding a National Health Information Network?

computer and lock

Another RAND study, conducted by analysts Michael Greenberg and Susan Ridgely, examined the privacy implications of patient identification schemes in the context of an emerging national health information network (NHIN). The researchers concluded that the controversy over unique patient identifiers (UPIs) has been a distraction from the key privacy issues connected with an NHIN—namely, the need to strengthen federal privacy rules under the Health Insurance Portability and Accountability Act (HIIPA) of 1996 and to reconcile current state laws on health information privacy. The current incremental approach to developing an NHIN, in which regional health information organizations (RHIOs), established at the state and community levels gradually develop electronic links and rules for exchanging health information across state boundaries, means that health information is subject to many different local schemes for indexing and accessing records. Greenberg and Ridgely contend that HIPAA’s privacy rules are not adequate for an NHIN, regardless of whether the network involves a uniform national system or a patchwork arising from regional networks. In addition, HIPAA currently allows states to enact privacy protections that are more stringent than the national standard. Unsurprisingly, state privacy laws are quite heterogeneous. This variation may slow evolution of an NHIN—for example, RHIOs in state A may decide to restrict or preclude sharing of health information with RHIOs in state B because the latter state does not provide adequate privacy protection. Several reforms for strengthening health information privacy have been suggested, including (1) extending HIPAA privacy rules to RHIOs, an NHIN, and any other network that collects, stores, and transmits patient information; (2) enacting federal legislation against misuse of personal health information; (3) enacting federal rules to govern operation of an NHIN as well as strong enforcement procedures; and (4) building privacy protection into an NHIN architecture—for example, letting patients decide whether they want to participate in the network or letting them restrict access to particular kinds of information, such as mental health treatment.

Read the Fact Sheet »

Better Health Information Technology Could Save Lives and Cut Costs

computer and pills

In prior work from 2005, a RAND team, also led by Richard Hillestad, modeled the potential costs and benefits of widespread health information technology (HIT) adoption. RAND estimated that implementing HIT systems in 90 percent of hospitals and doctors’ offices would cost about $8 billion per year over 15 years; savings from efficiency, safety, and health benefits could be $80 billion or more per year. Efficiency savings result when the same work is performed with fewer resources. If most hospitals and doctors’ offices adopted HIT, potential efficiency savings for both inpatient and outpatient care could average more than $77 billion per year. The largest savings come from fewer hospital stays (a result of increased safety and better coordination and scheduling), reduced administrative time for nurses, and more efficient drug utilization. HIT improves patient safety, largely by means of alerts and reminders generated by computerized physician-order entry systems for medication. If all hospitals had an HIT system that included this function and used it effectively, approximately 200,000 adverse drug events could be eliminated each year. HIT can also improve disease prevention by scanning patient records for risk factors and recommending appropriate services, such as vaccinations and screenings. However, current market conditions place serious obstacles in the way of HIT adoption. Only 10 to 15 percent of doctors’ offices and 20 to 25 percent of hospitals now have some kind of HIT system. Most of the existing systems cannot talk to each other, and there is no market pressure to improve connectivity. Another barrier is the disconnect between who pays for and who profits from HIT. Patients benefit from better health, and payers benefit from lower costs, but providers pay to implement HIT and experience lower revenues after implementation. For instance, hospitals that use HIT to reduce adverse drug events also reduce bed days—and reduced bed days mean reduced revenue. The U.S. Department of Health and Human Services should continue to support the development of uniform standards and HIT certification. In addition, Congress should promote hospital-doctor connectivity by allowing hospitals to subsidize portable, standardized HIT systems for doctors. This means relaxing current laws that prohibit such subsidies. The government should also develop targeted investments and incentives to promote HIT. Incentives could include a pay-for-use program for providers using HIT, which could be a first step toward a pay-for-performance system. Some direct subsidies might greatly speed HIT adoption. Finally, the government can help guide effective adoption of HIT by gathering additional empirical evidence of its benefits and policy effects.

Read the Fact Sheet »


Richard Hillestad

Richard Hillestad

Richard J. Hillestad (Ph.D.) is a Senior Principal Researcher at the RAND Corporation and Professor of Policy Analysis at the Pardee RAND Graduate School. As a systems analyst, he has analyzed a wide range of complex real-world environments, modeled them, and developed solutions. In 2005, he led a major study to estimate the cost and quality benefits of widespread adoption of healthcare information technology and to suggest policies that will enhance the likelihood of realizing those benefits. Recently, he led a study to provide an objective assessment of alternative approaches to unequivocally identifying health care patients while maintaining privacy and the security of electronic medical records. In addition, Hillestad is leading the technology assessment team for a multi-year effort intended to assess mechanisms for health care system change.

Read more work by Dr. Hillestad »


Lindsey Kozberg
Vice President, Office of External Affairs

Shirley Ruhe
Director, Office of Congressional Relations

Kristy Anderson
Health Legislative Analyst

RAND Office of Congressional Relations
(703) 413-1100 x5395


More Congressional Resources on Health

Health Research Area

RAND Health

RAND Congressional Web Site

RAND Web Site



To unsubscribe, please write to or call (703) 413-1100 x5395.

Members of Congress and staff may receive a free copy by writing to or calling (703) 413-1100 x5395.

RAND can also provide briefings, research assistance, testimony, and other services to Congressional offices.

Sign Up Sign up for other RAND Congressional Newsletters.

RAND Health conducts objective research on health, health behavior, and health policy. Access to all RAND Health research is available at

The RAND Corporation is a nonprofit research organization providing objective analysis and effective solutions that address the challenges facing the public and private sectors around the world.

Learn More »

Copyright © 2008 RAND Corporation. 1776 Main Street, Santa Monica, CA 90401-3208. RAND® is a registered trademark.

We respect your privacy. If you do not wish to receive this periodic newsletter, please email or call (703) 413-1100 x5395.

This newsletter is also available on the RAND Congressional web site »