Talks about universal patient identification (UPI) numbers have been gracing news headlines recently as the debate about privacy and health care continues. Proponents of UPIs believe a unique ID number for medical records will improve health care by increasing accuracy and save money by reducing errors. Anti-UPI arguments loudly refute the idea because of inevitable privacy concerns and unintended, even illegal, consequences. The best solution, in my opinion, may be a decentralized electronic medical record database where patients are in control of when and how their personal information is shared, like a personal credit report.

First off, how is a UPI different from a social security number (SSN)? Reports state that the UPI differs from the SSN because a UPI will be used for medical records only. That’s great; but there is no way to separate financial information from medical records. Are we really going to expect all health care facilities to stop using SSNs and switch to UPI-based tracking systems? Our SSNs are attached to everything health-care related, from insurance cards to prescription refills. Switching to UPIs sounds like a huge cost that many facilities simply cannot afford. Much more investigation needs to go into medical identity theft and mass data handling before we add an arbitrary number into the equation.

Consider the credit report example. Highly personal information is listed on a credit report, and linked to a social security number. When someone applies for new credit, they give permission to that creditor to access credit information. Any illegal activity, including identity theft, will also show on the credit report and cause substantial damage to financial credibility. Creating a new identity is a difficult process, and rightfully so. Individuals have the ability to view and fix errors on their credit report via secure website applications, but do not have the power to hide the information unless it is removed. There is a hierarchy of checks and balances to ensure any changes are legit.

Now, let’s see how the credit report example compares to medical records. Similarly, highly personal information is contained in medical records, and linked by a social security number. When someone enrolls for health insurance or visits a doctor, the patient may or may not be asked permission before their medical records are released. If someone attempts to use a stolen identity to obtain medical services, the consequences can be severely damaging to the unknowing victim. Creating a new medical record is impossible, unless you change your identity. Only a limited number of health care companies give patients full control over their medical records for sharing and monitoring purposes, and they always have financial information attached.

The time has come for a more patient-controlled system for correcting medical records. The UPI may be a solution, but there are considerable costs to bear.

Supposedly, if your UPI becomes compromised, a new number can be obtained so patients don’t have to change their identity. To me, that seems like a big, red flag! There are countless cases of falsified medical records, especially when illegal activity is involved. What will stop a criminal from using false identification to obtain multiple UPIs?

The UPI theory (and I call this a theory because I hope it stops there) was born from a need to improve the accuracy of medical records, accompany all patients, reduce human errors, and, ultimately, lower the cost of health care. In the last year or two, the US has invested billions into digitizing medical records as a means to these ends. These are all valid concerns that need to be addressed, I agree, and I sincerely appreciate the digitization efforts; however, I am not convinced of the need for a unique medical identification number for all individuals.

Read more: Should every patient have a unique ID for all medical records?