GPII provides a set of <prTag>-based identifier services in support of the twin goals of accurate identification and enhanced privacy.
Identifier services
All GPII Services are offered using secure communications. Customers may use as many or as few of these services as are required to satisfy their healthcare needs. Healthcare organizations can use them to save money, avoid medical errors, improve the service they provide to patients, and reduce their risk of untoward events such as data breaches and identity theft.
GPII Identifier services include the following:
- GPII issues new <prTags> on request. A healthcare organization may request a single identifier or batches of identifiers. Every <prTag> conforms to an ASTM International/ANSI standard E 1714. It is abstract (no patient content), globally unique and a member of a distinct privacy class. Requests may be made for open or private <prTags> depending on the need. GPII identifiers are valid indefinitely and are never reused.
- When a healthcare organization encounters an identifier as part of an encounter it may wish to check its status. GPII responds to a request for status indicating whether or not the <prTags> is still valid for clinical use.
- There may be circumstances in which a healthcare organization wishes to 'lock' a <prTag>. This indicates that data associated with this identifier is intended to be read-only. For example, a healthcare organization may wish to lock identifiers for deceased patients or for anonymous data sets they make publicly available.
- Identifiers are issued for life and never reused. However, there may be circumstances when an identifier must be terminated - in other words, made invalid for future use. An example of this is when an identifier is discovered to have been used fraudulently. GPII will immediately notify all healthcare organizations that have used this <prTag> that it is now terminated.
- Healthcare organizations may wish to know all the other organizations that have encountered a particular identifier. When a request is made to GPII for data locations for a <prTag>, GPII responds by providing the requestor with a list of locations where data associated with this identifier resides. Any subsequent exchange of information between organizations occurs completed independently of GPII.
- A customer may request that an identifier be replaced. In effect, the replace function terminates the existing <prTag> and issues a new one to be used in its place. A patient may request this function, for example, if there is any concern about possible fraudulent use. Again, GPII notifies all other healthcare organizations that have used this <prTag> that it is now replaced.
- Errors will occur. While we have procedures to ensure that issuing two identifiers to the same patient (unless specifically requested for privacy reasons) will occur very infrequently, we also offer a service to fix this situation if it occurs in error. The customer may request that two <prTags> be merged and that all information from one identifier is moved to the other. GPII notifies all other healthcare organizations that have used either of these identifiers that they should now merge the data from one to the other. This service is particularly sensitive and requires special privileges to request. A merge may also be requested when a patient wishes to make previously private information openly available to all careproviders. In this case, the request is made to merge the patient's open identifier with a specific private identifier.
Note that none of these transactions require GPII to see or process any protected health information (PHI) nor do they permit us access to any patient identifying information. The GPII system never encounters any PHI and thus does not represent any incremental HIPAA liability to its healthcare partner organizations.