Why Patient Identity Management Is A Major Concern in Healthcare


As the 21st Century Cures Act requires providers to share health records with consumers, it is critical that what is released is the right record for the right patient. That requires patient matching from a master patient index across disparate record storage systems. With record retention requirements often spanning decades, the need for a coordinated and accurate long-term patient matching strategy needs to include legacy records.

Patient Matching Matters

A patient’s medical record has zero room for error. The electronic healthcare data that is generated and linked to the patient must be properly documented, linked to the correct person and available for different users. Challenges to fulfilling this task of data agility include the ever-increasing volume of health data and regulatory requirements such as the  21st Century Cures Act. Now more than ever, It is critical that what is released is the right record for the right patient. This requires patient matching from a master patient index across disparate record storage systems.

Medical record numbers and their importance.

A medical record number (MRN) is a unique identifier assigned by the provider to reference a single patient. The MRN serves as a reference point for all the patient’s medical records and is used to access and update the patient’s health information across multiple visits and interactions with the healthcare system. With almost 9 million people in the U.S. sharing a top-five last name of Smith, Johnson, Williams, Brown, or Jones, having the right patient assigned to the right record, matters.

As healthcare data continues to skyrocket, having the foundation for accurate patient identification is vital. This growth, along with the evolving regulatory rules from the 21st Century Cures Act, requires healthcare providers to be agile and able to share health records with various consumers such as providers, payers, and patients.

In short: Records being shared must be accurate and include the right patient’s PHI.

What is patient identity management?

A patient identity management policy is the process of correctly linking patient records to the correct person and accurately and reliably communicating this information throughout the continuum of care. The best choices for patient identifiers should be unique and unchanging information. There currently is not one official patient matching technique or process in broad use in the United States. Globally, some countries use unique patient identifiers (UPIs) to assist with patient identification. The main barrier to broader use of patient identity initiatives in the U.S. are attributed to privacy concerns. However, there are indications that patients favor accurate identification and may be open to increased patient matching efforts.

Consumers support increased patient matching techniques such as fingerprint scans or unique numbers or codes.

By a roughly 2-to-1 margin, the 1,213 consumer respondents in a study reported they were comfortable with health providers scanning patient fingerprints or assigning individuals a unique medical record number or code to ensure that different electronic health record (EHR) systems correctly match records for the same person, a long-standing challenge of data exchange. Further, 74% of respondents support federal policy changes to set national standards that could improve matching rates.

The five types of patient matching that received broad support, include (in order of support):

  1. Fingerprint scan
  2. Unique number or code
  3. Smartphone or app
  4. Eye scan
  5. Facial photos

The industry has struggled for decades to adopt a standardized patient identification system, leading to data errors and redundancies as well as unnecessary costs and risks. The talk of a universal patient identifier originated in 1996 when HIPAA was first enacted; however, Congress stepped in almost from the beginning to prevent federal support, citing privacy risk concerns.

The fundamental pain points around patient matching in healthcare include:

  • Duplicate records. There are an average of 5-10% of duplicate records in most hospitals; however, health systems that have multiple facilities or have merged with other systems are seeing duplicate rates around 20%.
  • Errors and mistakes. There are a lot of errors and mistakes in patient records. In a study published in the Journal of the American Medical Association (JAMA), 20% of patients had identified their own errors, with actual errors/issues from industry sources reported closer to 30%.
  • Lost staff time. Decreases in staff productivity and satisfaction can average up to 30 minutes of lost time per shift. In fact, 45% of large hospitals reported difficulty accurately identifying patients through the EHR.
  • Increased costs. There is a growing cost in staff, legal, billing, and regulatory departments related to EHR documentation. Improper documentation within the EHR accounts for 72% of the risk management subcategory of EHRs and includes users adding updates to the wrong patient or looking at the wrong dropdown or screen. The expense of repeated medical care due to duplicate records is estimated at $1,950 per patient inpatient stay, and causes $1.5 million in denied claims each year.

As more electronic health care data is generated and needs to be shared, there must be a focus on facilitating data linkage projects.

With patients visiting numerous clinicians and staff, combined with constantly changing patient demographics (e.g., name and address changes), it is impossible for healthcare providers to obtain a complete health history of their patients without an improved technology-based solution. And, with the new requirements for interoperable health records, unless patient records are coordinated and improved, the errors could follow patients for their lifetime and the entire healthcare ecosystem will remain disconnected. With record retention requirements often spanning decades, the need for a coordinated and accurate long-term patient matching strategy needs to include legacy records.

Providers have options to improve patient matching for legacy data.

Harmony Healthcare IT has decades of experience archiving clinical, financial and business records for providers of every shape and size nationwide to its cloud-hosted storage solution called HealthData Archiver® Our team can walk your organization through the important decision points needed to determine which Patient Identity Management option would make the most sense for your organization to tie archived medical records to active records in the production EHR. A high-level overview of each option is below.

Option 1: Good – Clinician logs in and accesses a patient record in the HealthData Archiver® from the go-forward EHR. Patient matching features include a Single-Sign-On (SSO) with Fuzzy Logic, a form of patient context sharing that supports matching patient records with a combination of first name, last name, social security number and/or date of birth.  This option is available, but not recommended as a suitable solution for interoperability due to lower precision in passing patient context for SSO.

Option 2: Better – In this scenario, the archive backloads the Master Patient Index (MPI) by data source and includes a Single Sign-On with MPI. This option includes a patient synchronization feature which allows the go-forward EHR to connect and process messages with HealthData Archiver®.  This allows the same patient records, with different MRNs in the systems, to be tied with a single Enterprise ID. This option keeps the EHR and HealthData Archiver®` MPI in sync.

This scenario works for an organization with:

  • an existing and accurate MPI strategy in place
  • a desire for high precision SSO patient context matching in conjunction with its current MPI tool/vendor.
  • a focus on compliance with the 21st Century Cures Act and future interoperability integration opportunities.

Option 3: Best – In this best-case scenario, there is an addition of a Unified Identity Management Protocol, which backloads a unique Universal Patient Identifier (UPI) by data source and includes Single Sign-On with UPI and patient synchronization to keep the EHR and HealthData Archiver® in sync. This option is the most complete as it incorporates reference data, which typically outperforms traditional matching solutions, like those embedded within the most common EHRs that base matching decisions on the patient demographic data provided. These other methods can result in out-of-date, incomplete, or inaccurate data.

This option is for organizations that:

  • Do not have an existing MPI strategy in place
  • Have an MPI in place but are not satisfied with the accuracy thresholds in existing processes
  • Are focused on compliance with the 21st Century Cures Act and future interoperability integration opportunities
  • Are experiencing M&A activities that demands a robust, long-term solution

The legal ramifications of not having a patient matching solution.

Penalties could be imposed on organizations that knowingly, or even unknowingly, commit a violation for non-compliance with HIPAA Rules. Generally, the Rules include national standards to protect individuals’ medical records and other individually identifiable information. There is an expectation that providers use best practices for record guardianship which includes ensuring the correct patient is assigned to their own records.

While most of the focus on HIPAA violations currently centers around information blocking, there are cases where a provider was fined for an unsecured server which resulted in disclosure of ePHI and a failure of risk analysis and another for failure to maintain appropriate safeguards. Other cases include healthcare providers faxing medical information to the wrong number which resulted in HIPAA fines and lawsuits.

Bottom Line: Sending medical records to incorrect patients is a HIPAA violation. It is an unauthorized disclosure of protected health information (PHI), compromising patient privacy and failing to safeguard confidential medical information.


Looking to improve your patient identity management policy? Check out this two-minute video to learn more about patient identity management.

Let’s connect.



Why is patient identification so important?

A patient’s medical record represents that person’s individual information that is crucial to their well-being. It is crucial to properly identify the right patient and match them with their own medical records. Without this trusted link, there are patient safety and quality of care concerns. Mistakes can lead to all kinds of errors in patient care, including medication dosage issues, failure to properly treat an illness or even serious issues with procedures being performed on the wrong body part or wrong patient.

What are the consequences of wrong patient identification?

There can be accidental issues where a patient record is mistakenly sent to an incorrect recipient, which generally represents a low risk for harm. On the other end of the spectrum, misidentified patient information could lead to a serious, even life threatening, treatment decision if the wrong patient receives a medication or procedure intended for another person. Further, there are HIPAA fines and sanctions for violations of the HIPAA Rules. These sanctions range from additional training to fines and other penalties.

Where is the risk of errors the greatest? Where do you most often see them?

One of the biggest problems with electronic medical records is that more than half of the text is copied and pasted. In a recent study of 100 million notes, with 33 billion words, more than half was duplicated. This begs the question: Is the medical record documenting individual information and are there mistakes in information getting passed on to records where it doesn’t belong? Unfortunately, if the errors are not caught, they can travel with a patient for their lifetime. This is problematic from a care perspective, can cause issues with insurance claims, and create redundancy in care if tests and imaging records are misplaced. According to the National Institute of Health (NIH) at least half of EHRs in an ambulatory setting may contain an error, with most related to medications, such as importing inaccurate medication lists.

Mar 25 2024

Ready to learn more?

Contact us today to learn more about our healthcare data management solutions.

First Name *
Last Name *
Email *

Healthcare IT tips, guides, news & more delivered to your inbox

Sign me up