The United States is in the process of spending billions of dollars to provide incentives for the implementation of electronic health record systems. The goal is to share health information to support increasing the quality of care while controlling cost. However, concerns about the security of healthcare data and our difficulties with uniquely identifying patients have emerged as significant stumbling blocks in this effort.

Having a way to represent the identity of a patient in electronic transactions when the patient is not present is critical  When a doctor orders a lab test, a biological sample is usually taken and, analyzed, and the results are reported back to the doctor. In the many steps where the patient is not physically present, she is represented by data, typically a name and a number (sometimes presented in a bar code). In fact, according to the HIPAA Privacy Rule, there are at least 17 data elements that can be used to identify a patient that must be removed before a medical record can be considered ‘de-identified’. It is essential that the data that represents the patient be accurately matched to the person who is the subject of this data across all records about that person.  If the match is wrong, there is a risk that the patient could receive inappropriate care. Incorrect matches also introduce increased costs into the system.

Although development of a standard way to electronically represent patient identity is a requirement of HIPAA, that standard has not yet been established for the US, although it has been a hallmark of the healthcare systems in other nations. As a result, patient identity is typically represented by a constellation of demographic data: name, birth date, address, and gender, as well as a number assigned by each particular facility or activity, such as a medical record number or accession number. Even the simplest data element, gender, can be encoded in different ways at different locations and even the name of that data element has different forms (e.g., sex or gender). Ordinary typing errors or problems like two patients having the same name complicate the issue. A patient may use multiple names, variations of the same name, or multiple spellings of a name. As our population becomes more culturally diverse we also have to accommodate different orders and numbers of names than our old norms. However, even if we had already adopted global standards for representing these demographic data and variations, people move, they get married and divorced, they lie about their age, and they change the names they are known by for a variety of unpredictable reasons. There are algorithms to match records about the same person from multiple sources but these matches frequently result in a significant chance of error, which increases with the number of records and the diversity of sources. 

A December 2009 HIMSS White Paper entitled Patient Identity Integrity identified medical and financial costs of incorrect patient identity matching:  “The ultimate goal is the accurate identification of the patient and linking of all related information to that individual within and across systems. Linking the wrong clinical information to a person can not only cause great personal harm to the patient, but can also incur huge costs to the healthcare provider in correcting and mitigating the error. Incorrect information impacts patient safety and compromises quality of care. Good clinical decisions based on bad data become bad clinical outcomes.”

Establishing appropriate linking between a patient identity and the patient’s records is different for current and future records and past records. There are several techniques for establishing a patient’s identity in the present, including the use of third-party data providers that can use public records and other data through Knowledge-Based Authentication (dynamic KBA).  If patient identity information were then recorded in a standard format and, possibly, linked to a unique identifier, future records could be linked to this identity, and data matching could be more easily and accurately performed. However, this still would not resolve questions about the quality of matching data contained in past records, which were created with various levels of identity proofing and where data were recorded in non-standard formats.

Work continues on the development of standards that will uniquely identify each patient across the various medical establishments and there are efforts to establish unique health identifiers on a voluntary basis that a patient may use and which will permit the accurate matching of the data in all the records related to her. It is essential that the standards that are created and adopted also protect the patient’s identity from misuse and maintain her privacy outside of immediate medical needs.