Key Takeaways:

  • The US healthcare system has dramatically increased the use of EHRs
  • Digital patient data is growing exponentially and is increasingly shared and distributed across dispersed care settings
    Healthcare organizations store data across many different databases and use different methods to identify patients and match data residing in these systems
  • There are no national standards for patient identification and matching
  • Erroneous, missing, or duplicate information residing within health IT systems presents a patient safety hazard and can negatively impact the quality and efficiency of care
  • Growing constituents are calling for a Nationwide Unique Patient Identifier to help address these concerns


The push to get US healthcare providers to increase their use of electronic health records, or EHRs, began with the passage of the HITECH Act in 2009 which included the CMS EHR Incentive Program. Putting aside for a moment some of the rather contentious opinions about the overall impact of EHRs on the healthcare system, we can definitely say that, in terms of driving technology adoption, the program has been tremendously successful. Today, EHRs are ubiquitous within the US healthcare system. Recent data from HHS finds that nearly 97 percent of hospitals and three-fourths of ambulatory providers currently use a certified EHR system. But the transition to digital records has not been smooth for many providers who continue to complain about poor usability, lack of data privacy and security, and, increasingly, potential risks to patient safety posed by EHRs. With the push for basic adoption now complete, the new focus for EHRs and all health IT is on improving functionality, user experience, data sharing, and patient safety. With regard to the latter two issues, it is important to consider how the widespread use of EHRs and other types of health IT is driving a new imperative for better patient identification processes and technologies. Consistent and accurate identification of individuals within any transactional digital system can present a challenge. In healthcare, the problem of identity errors presents unique concerns. In its recent annual report on healthcare safety (Top 10 Patient Safety Concerns for Healthcare Organizations), ECRI Institute ranked patient identification errors second, finding such errors to be “not only frequent, but serious.” As ECRI and others have acknowledged, the problem is real and growing and more people are demanding action to address this issue. I’m one of them, due to my rather unnerving introduction to my own EHR a couple of years ago.

How Did The Wrong Information Get Into My Medical Record?

Although I live in major metropolitan area, my doctor’s office was a bit in late adopting EHRs.  Like many small primary care practices, my doctor struggled to adapt to the digital age but ultimately did so when the practice was purchased by a larger integrated delivery network (a common scenario for small private practices in the US).  This move allowed my doctor to upgrade the old paper-based patient record system to a state-of-the-art, market-leading EHR. Great! I was very excited to finally get my own EHR and couldn’t wait to review my information with my doctor on my annual visit. However, my excitement soon turned to disappointment (and concern) when I realized that my health record was populated with erroneous medical data, including lab and imaging results for procedures I never had.  When I asked the office to explain how the wrong data found its way into my EHR, I was told that in addition to scanning in some of my old paper-based data, the record pulled in some electronic data that resided in the larger delivery network. I had never previously interacted with this health system before so somehow some other person’s data was mismatched to my record. Luckily, the error was discovered and corrected, no harm done. I’m sure my experience is not unique and is likely particularly problematic for people with common names, unlike me. So how does information get in—or not get in—anyone’s EHR?

Common Methods of Patient Matching for Health Information Systems

Most people today see many different healthcare providers most of whom use many types of information systems for clinical, administrative, and financial services. Clearly, these data need to come together to create a holistic view of the patient’s status. Data needs flow and be shared and, of course, also needs to be matched. How is that matching done? The first thing to understand is that there is no standard approach but there are some commonalities around data attributes that are used by most organizations for patient matching including the rather obvious name, date of birth, gender, phone number, and address. Social Security numbers (SSNs) have traditionally been used as a unique patient identifier by many healthcare organizations but this is increasingly considered to be a risky practice and many people are becoming reluctant to share this information because they know that vast amounts of financial and personal information is already linked to their SSN. Furthermore, CMS is changing the rules on the use of SSNs. The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) was finalized by CMS on October 14, 2016. MACRA was signed into law by President Obama in April 2015, ending the Sustainable Growth Rate (SGR) formula for Medicare payments to physicians. The new rule, which begins in 2017, requires CMS to remove SSNs from all Medicare cards by April 2018 in an effort to protect patient’s data and prevent identity theft. Although MACRA does not specifically require a new patient ID for Medicare, CMS plans to replace SSNs with a new Medicare Beneficiary Identifier (MBI) for all Medicare beneficiaries, both living and deceased (archived). Gender and signatures will be also removed from Medicare cards. Some industry experts are concerned that the creation of yet another payer-specific ID will cause even more confusion in patient matching and call for a more efficient and effective solution.

Because patient data is stored in so many different places (locations and databases) both within and across various enterprises, the need to create an enterprise master patient index (EMPI) has arisen as a means of identifying and matching digital data. An EMPI is a homegrown or commercial software solution that uses algorithms to assign and cross check patient identifiers based on data attributes. The success rate of EMPIs in matching patient data can vary according to the robustness of the software and by institution. On average, the matching capabilities of EMPI solutions result in a 70 percent match rate, requiring the other 30 percent of unmatched identities to be resolved manually (one hopes). Some EMPI solutions on the market have much higher accuracy rates. Patient identification and matching can also be highly dependent upon an organization’s overall approach to data quality and governance, particularly with regard to the management and oversight of common problems that occur at the point of data entry such as typos, transpositions, misspelling, missed data fields, duplicate entries, outdated/wrong/fraudulent information provided by patients, and so on. The leading patient identification solutions use advanced methodologies that can help correct and counteract most of these issues, but many of these commercial solutions can be expensive to deploy and maintain.

Will a Nationwide Unique Patient ID Help Facilitate Better Standards and Processes for Patient Matching?

The key objective of health IT is to help us move towards a better standard of care that maximizes quality and safety, improves patient outcomes, and drives operational and cost efficiencies. Health IT is essential to enabling patient care that must be coordinated across an increasingly dispersed healthcare ecosystem. Care coordination cannot occur without health data interoperability and sharing which in turn requires that patients be appropriately and consistently identified and matched with existing data at every step along the care continuum. Is this happening today? Not nearly to the extent that it should.  A growing chorus of proponents of a Nationwide Unique Patient Identifier (NUPI) believes that this offers the best solution to help bring a more standardized approach to patient identification and matching. Advocates including organizations like AHIMA, CHIME and others believe that the creation of a NUPI would help facilitate easier matching and tracking of patients across the healthcare ecosystem. The Health Information Systems Society (HIMSS) supports national standards and consistent strategies for patient identification and matching and has directed Congress to study this issue but has not specifically stated support for a NUPI. The Office of the National Coordinator for Health IT (ONC) has not committed to the NUPI bandwagon but has acknowledged the need for better patient identification. ONC’s 2014 report on this issue (Patient Identification and Matching Final Report, February 17, 2014) calls for the standardization of patient attributes for the purpose of information exchange and care coordination and introduced EHR certification criteria to facilitate this functionality. In addition, ONC’s 2015 Interoperability Roadmap (Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap) includes a minimum set of data elements to be used in patient matching and emphasized the importance of accurate identity matching and reliable resource location as roadmap categories.”

While health data experts admit that an NUPI is not the ultimate panacea to the patient matching dilemma, many agree that it could facilitate a more robust process for confirming a patient’s identity, thereby improving health data exchange and matching rates and bolstering patients’ and clinicians’ confidence in EHR data accuracy and completeness. Furthermore, an NUPI could help bring a more holistic view of the patient into the EHR by linking to other important data such as medical clams and socio-economic data.

Where Do We Stand on Implementing a National Patient ID?

The concept of a NUPI is gaining currency but it is not a new issue. In fact, the original HIPAA legislation of 1996 recognized the importance of a unique identifier for data sharing and included provisions for such an identifier. However, those recommendations have never been enacted primarily out of concerns for privacy and security and “Big Brother” collecting information on US citizens. Ah, the halcyon dates of the mid 1990’s when we really thought data privacy was possible. The world is a very different place today, digitally and otherwise, but HHS is still prohibited by Congress from using federal dollars to create a NUPI. Fortunately, there’s new reason to hope that change is underway. Recent indications are that Congress appears to be softening in its opposition to potentially funding the development of a NUPI.  A recent report from the House Committee on Appropriations contains language on the use of national patient identifiers indicating the possibility that future legislation could remove the prohibition against federal government funding for a means to improve patient identification and matching. This would be a very welcome development in my opinion.


It’s safe to say that EHRs and other health IT tools are here to stay. Health data is growing exponentially every year and these data need to be put to work to drive better healthcare decisions. Everyone is touting analytics as a great tool to improve the health system; in fact, analytics are the foundation of the population health approach that is so fundamental to value-based reimbursement. But we can’t transform healthcare with care coordination, population health, or precision medicine without robust and accurate matching of patient data. Analytics is great in theory but if the data is incomplete or wrong due to unmatched or mismatched data in EHRs, then we may be creating as opposed to solving problems. Another issue that is very important, and I think underplayed, in considering the potential value of an NUPI, is how this can be used to drive patient and consumer engagement. Our research at Frost & Sullivan and numerous other studies indicate a growing trend for people wanting greater access and control of their own health data, particularly younger demographics. Clearly not every member of society is going to be interested in or able to engage in this process but people are now more aware than ever of the need to ensure that their medical information is up-to-date, accurate, and complete. Furthermore, patients are the primary source of demographic and other information that is used in patient matching but they are mostly unaware of how important these data are in helping ensure the data quality of their health record. Better patient understanding and involvement in the process of the creation and maintenance of their medical records is essential to achieving our goals in transforming healthcare. Could a Nationwide Unique Patient Identifier be leveraged as the cornerstone of a movement to get people more involved with their own data? I think this is where we need to go.

Your Transformational Growth Journey Starts Here

Share This