Patient Identity Management: Calming the Chaos

Home | Subscribe | Resources | Reprints | Writers' Guidelines

Winter 2024 Issue

Patient Identity Management: Calming the Chaos
By Elizabeth S. Goar
For The Record
Vol. 36 No. 1 P. 20

Plagued by data quality, standards, and collection issues, patient identity management remains a thorn in the health care system’s side. Adding to the chaos is an increased use of automation—which can compound patient matching issues—and the uptick in mergers and acquisitions that necessitates the blending of disparate data.

Not to mention “increased used of telehealth and portal activity pushing more tools to patients and in many cases allowing them to register themselves,” says Megan Pruente, MPH, RHIA, director of professional services at Harris Data Integrity Solutions (DIS). “These are all great things, but without more education and standards around how and what data is collected, there are more errors and issues coming in this way.”

In some ways, the current chaotic state of patient identification can be attributed to the success of the HITECH Act and other federal incentives to accelerate the digitization of health care and enable widespread information sharing, according to Clay Ritchey, CEO of Verato.

“The problem now is that we are inundated with data that’s sitting in disparate silos. We aren’t able to identify who it belongs to and therefore we aren’t able to put it to good use, whether for analytics purposes for things like patient engagement or curating an amazing care experience, or whether it be … to share that information at the right place at the right time,” he says. “The idea of doing rudimentary identity data management inside of a clinical system? We’ve outgrown that. And that is the kind of infrastructure that many health systems have today.”

Claire Reilly, RN, MSc, chief nursing informatics officer and vice president of clinical operations at Imprivata, put it more bluntly, calling the current state of patient identity management “shocking.”

“It was a challenge before COVID,” she adds, “and it’s just multiplied by the explosive growth of patient populations. And it is so complex that many facilities rely on manual processes … and very outdated identification methods like SSNs [social security numbers].”

Multiple Root Causes
Patient identity management is one of health care’s most intractable problems due to a multitude of contributing factors. One of the most significant is the lack of industrywide standards, according to Pruente. She cites several examples, such as updating the name and sexual orientation/gender identity data when someone is transitioning from male to female or vice versa or when an individual has more or fewer than three names (first, middle, last).

An analysis by Harris DIS found that among 35 million patient records with default, invalid, and/or blank fields, 57% were missing the middle name, followed by the SSN (41%). Home phone numbers (13%) and addresses (10%) were the next most common problem fields.

Further, among more than one million confirmed duplicate pairs, 52.5% of SSN fields had data discrepancies, followed by more than 31% of middle name fields, nearly 13% of last name, and more than 8% of first name fields.

“We are so reliant on good data collection in the demographic data fields because we do not have a unique health care identifier that is used industrywide, so if the demographic data collection is error ridden, not reliable, or changing often, it’s really hard to do accurate patient matching,” Pruente says. “Addressing [patient matching challenges] at all levels of the organization is super important. In a lot of cases, we are stuck with older EHRs that don’t have the fields we need, but doing the best we can with the tools we have is key.”

Reilly points to the numerous outdated and manual methods for patient identification in use at many health care organizations, such as the use of SSNs, which is particularly problematic in pediatric facilities and increases the risk of fraud. However, another part of the problem is simply the complex and often chaotic environment in which care is provided.

She recalls how easily duplicate records were created during her days as an emergency department charge nurse, despite using drivers’ licenses and other forms of ID and confirming the information with the patients. In the chaotic emergency department environment, similar and similar-sounding names and other identifying information can easily make their way into the system as a duplicate or overlaid record.

“It was one of my pet peeves. But it’s easy [to do] and goes back to sound-alike and similar names. Plus, the volume of patients passing through the emergency room where the patient presentation is acute and fast moving,” she says. “So there are many, many risks. We talk about the cost of this, but the real cost is the patient safety risk.”

Reilly also points to limited interoperability between health IT systems—even within the same organization—as well as limited time and resources to properly address the problem. “We realize that we need positive patient identity. But there are so many competing projects that every time we start getting this to the front of the queue, it gets pushed back, [which creates] misidentified patients and suboptimal events.”

Taking the complexities a step further, Ritchey points to the vast gulf between how older baby boomers and Gen Xers navigate the health care system compared with millennials and Gen Zers and how it affects data collection and utilization.

Most of the population aged 50 and older have primary care physicians whom they see regularly to guide their care. Conversely, only about one-quarter of the younger generation works with primary care physicians to navigate the system.

“They are looking for a very different way of curating their care,” he says. “They’re going to ‘Dr. Google.’ They want to diagnose themselves with a symptom checker. They want to find the right care provider to treat their needs. They’re looking to schedule online and do risk assessments online. It’s that whole kind of virtual care experience that anticipates their needs, knows who they are every step of the way, and can be continuous whenever they’re physically receiving care as part of that journey. Being able to have systems talk to one another and have one complete view of that person is critical.”

Resource availability and allocation, as well as lack of collaboration between patient financial access and HI and HIM teams, also contribute to the problematic state of patient identity management, particularly for smaller organizations, according to Julie Pursley, senior director of knowledge and practices at AHIMA.

Large organizations typically have higher budgets and larger data integrity teams to dedicate to both front-end patient access processes to limit the creation of duplicate and mismatched records and back-end processes to clear out any that do slip by. Smaller organizations, however, are faced with difficult decisions on where to prioritize their limited budgets to have the greatest impact.

“They may not have dedicated team resources to address duplicates, so prioritizing those resources is a must,” she says. “Keeping a clean index is probably the most challenging. We know there are a lot of errors in them, and often it’s best to address these at the facility level. If the data is not accurately created at the start of the patient journey, the data quickly moves through multiple systems internally and externally. Any of those potential mismatches can inhibit a provider’s ability to access critical patient information down the line.”

A Two-Pronged Solution
Because patient data is no longer possessed solely by the health care organization where it was first collected, the patient identity management problem must be attacked at both the industry and facility levels. According to Reilly, the first step is to strengthen the collaboration between health care providers, government agencies, and other stakeholders to develop a comprehensive and standardized approach to patient identity.

Without that, she says, patient identity management is challenging “because you don’t have equilibrium across the health care system … so we really do want buy-in from the industry, from government, and from regulatory agencies to standardize practices. But it’s not just [federal] agencies, because when you look at the bigger picture [there are also] states. Having HIE [health information exchange] in place is very challenging. Many are trying … but it’s not easy.”

Which is not to say there hasn’t been progress at the industry level. In 2022, Project US@, a collaboration between Office of the National Coordinator for Health information Technology (ONC), standards development organizations, and other stakeholders, released its Technical Specification for representing patient addresses, and the accompanying ONC-AHIMA Project US@ Companion Guide focused on identifying, recording, and verifying patient addresses at point of registration to support data governance and quality improvement. Previously, the Patient ID Now coalition released its Framework for a National Strategy on Patient Identity.

Most recently, AHIMA released updates to its Policy Framework 2023: Enhancing Person Matching With Essential Demographic Data Elements to address the lack of standards in identifying and matching patients in EHRs and other health IT systems. Among other things, the framework acknowledges the changing landscape of health information, where patient demographic data goes beyond traditional master patient indexes (MPIs)/enterprise master patient indexes (EMPIs) and patient information is now more broadly shared. The framework also introduces the concept of “master person index” vs the narrower “master patient index” definition of MPI.

“It’s not just patients in these indexes anymore. There are [also] guardians, guarantors, and caregivers, so it’s much broader than [maintaining just] a patient index,” Pursley says. “Managing and maintaining a clean person index cannot be addressed by technology alone. There continues to be this need for people, processes, and technology working together to manage data. There’s just no one solution that’s going to fix it.”

Nor will it be fixed by industry-level solutions alone. Steps must be taken by individual facilities to put in place the resources, processes, and policies to ensure the ongoing integrity of patient information throughout its lifecycle—and to let go of the urge to place blame when mistakes do happen and instead put the patient in the center of the solution.

“If I put [the patient] in the center of my thinking, I’m going to be looking at how I can set up a team [to protect] the most vulnerable spots for identity management,” says Arti Pandit, chief customer experience officer at Verato. “That’s the biggest mindset shift we can have right now. Instead of asking where we should spend more time at the facility level or enterprise level, let’s start at the point of service level. Let’s prevent duplicates first. Your implementation might be facility level, but why not do a blanket approach to avoiding duplicates altogether?

“Think local, act global,” she adds. “We can’t stay in silos. Train your staff to think globally and allow them to see the global view of that patient.”

Framing the Program
When it comes to the framework of an effective patient identity management program at the facility level, Pandit advises provider organizations to approach it from a dual human-technology perspective that starts with assembling the right team to oversee the process. This ideally would be led by HIM and include representation from patient access, data management, patient experience, and IT.

HIM is best suited to lead patient identity management because “they are so obsessed by quality and pristine nature of [patient] identity that they will make sure that no stone is unturned,” she says. From there, “holistic person care should be one of the goals or objectives of the project. Then when these teams come together to work on it, or to revisit their work done to date on the identity journey, it changes the conversation in the room.”

Pursley agrees that a multidisciplinary, collaborative team approach is most effective. The team ideally should also be composed of individuals who are “intimately familiar” with how the patient identity process works—and who can articulate the importance of patient identity management to a broad audience.

“It’s not only about data quality. It’s ultimately about ensuring that the patient’s information gets to the right place at the right time for care,” she says. “This team really should focus on making connections between various stakeholders in the organization, such as clinical, administrative, and financial. It’s a tall order, but [health information] professionals are uniquely poised to serve in this leadership position because we are educated in data integrity, and we already work across the lines in our organizations.”

Once assembled, the patient identity management team should focus on implementing strong data governance and creating standard policies and procedures that allow the organization to take a proactive approach to identifying errors “instead of waiting for them to come to you,” Pruente says.

She also advises that the team create “close ties with patient registration and a feedback loop with those teams—education for staff about errors created, common reasons for creation, errors to look out for, and looking at the cost of overlays and duplicates to keep attention on those areas.”

Pruente also recommends encouraging patient participation in the patient identity management process. For example, encouraging patients to use their legal names and current demographics during registration, requesting validation of information prior to leaving a visit or within the patient portal, and asking them to provide as much data as possible when staff are searching for their record.

Additionally, “foster collaboration among facilities, adopt industrywide standards, regularly audit and assess the accuracy of patient data [and] provide avenues for corrections,” she says, adding that it’s important to “create good relationships with outside teams like HIEs to support corrections when errors are found so those errors don’t remain in outside sources.”

The Technology of Patient Identity
Given the complexity and volume of patient identity data passing daily through the average health care facility, technology is a critical component of any patient identity management program. Ritchey recommends a platform that links all a facility’s disparate data sources within its medical record, registration, population health, and other systems to allow for data normalization within the MPI/EMPI. This allows data to be aggregated into a single holistic view of the patient whenever and wherever they’re needed.

“In order to do that,” he says, “you need to be able to implement a platform that is cloud based and has all the modern abilities for interoperability using Fast Healthcare Interoperability Resources (FHIR) or other appropriate integration tools so that all those disparate data sources have an easy way in and out to be able to deliver that identifier. That’s one of the advantages of a modern architected … cloud platform. You would be able to plug and play more easily across those disparate data sources in a very complex ecosystem.”

Health care organizations should also explore some of today’s more advanced patient identification technology tools like biometrics which, according to Reilly, “by far can’t be beat.”

Pruente also points to biometrics as an ideal identity tool. However, she says, the most important aspect of patient identity management technology is the sophistication of its patient matching algorithms. Processes should be put in place to check the quality and accuracy of any automated tools to ensure they are performing optimally and to correct any identified errors, which may entail collaborating with IT. She also recommends pulling sample extracts of the MPI/EMPI and conducting frequency analysis on key demographic fields looking for common values, then “building those exclusions into the algorithmic logic to eliminate noise in the patient matching algorithm checker.”

Wide-Ranging Impacts
At its core, patient identity management is about patient safety. However, the integrity of patient data affects everything from value-based care to the revenue cycle to provider and patient satisfaction to the return on investments into advanced technologies.

“When you start thinking about building a digital front door strategy, or you start thinking about moving all your computing to the cloud … before you do that, get an identity platform in place so that you have at the base level this seminal idea of identity so those systems can be successful and you can get the value from them that you’re seeking,” Ritchey says.

“We see over and over again … if we do the identity data management first and have that clean data to put into all these new investments, it’s a recipe for heavily accelerated adoption and time-to-value,” he says, adding that clean patient data “drives everything else that you do, otherwise it’s just garbage in, garbage out, or whatever your metaphor would be.”

— Elizabeth S. Goar is a freelance health care writer based in Wisconsin.