A Mismatch Made in America

When patients and their medical records are out of whack, it causes harm and wastes money. American attitudes about privacy—and the multitude of competing provider organizations—makes the patient matching problem hard to fix.

The patient’s kidney had already been removed by the time the surgeon realized that, in fact, there was no tumor. The mistake in the operating room of Saint Vincent Hospital in Worcester, Mass., occurred when the CT scan of one patient got mixed up with that of another patient with the same name.

The July 2016 incident was widely reported a few months later when regulators swooped in to investigate exactly what happened. Most people who read the accounts probably thought it was a rare snafu.

Snafu, yes. Rare, no.

Every day in hospitals and medical clinics across the country, physicians assume that when they click into an electronic medical record, they have an accurate picture of the patient’s health history, diagnoses, medications, test results, and other information. That is a false and sometimes dangerous assumption to make.

The problem is called patient matching, and it would be considered health care’s dirty little secret except that lots of groups—the Joint Commission, National Academy of Medicine, ECRI Institute, National Patient Safety Foundation, Bipartisan Policy Center, the Pew Charitable Trusts, and others—have been talking about it for years.

The most serious match error is when the medical records of two individuals with the same or similar name get merged together, leading to erroneous organ removals and other nightmares. Much more common is the creation of duplicate records; Mary Elizabeth Smith, M. E. Smith, Mary E. Smith and Liz Smith refer to the same individual, but her health information is filed in four separate records—and neither patient nor physician is aware of the missing data points as they discuss diagnoses and treatment decisions.

On average, nearly one in five patient records within a single organization are duplicates, according to a 2018 survey from Black Book Market Research. The match problem gets worse when organizations try to share patient records. Even if two facilities—say, a physician’s office and a hospital—share the same EHR system, match rates may be as low as 50%, according to the Office of the National Coordinator for Health Information Technology.

Patient matching is not just a safety issue. It’s also yet another culprit in this country’s health care cost crisis. If a hospital can’t confidently match a patient awaiting surgery with the records from her primary care physician and gastroenterologist, better to do another set of imaging studies just to be safe.

“No society seems to be able to coordinate care or control costs without having some mechanism of matching patients,” says John D. Halamka, MD, chief information officer at Beth Israel Deaconess Medical Center.

Any hope that better technology is the solution was dashed in 2017 when the College of Healthcare Information Management Executives gave up on its National Patient ID Challenge. Two years earlier, it had offered $1 million to anyone who could come up with technology that could privately, accurately, and safely confirm a patient’s identity 100% of the time. No one won the million dollar prize.

That’s because the patient-matching problem reflects how the American health care system is organized, or, more accurately, unorganized, says Shaun Grannis, MD, director for the Regenstrief Institute Center for Biomedical Informatics in Indianapolis and an associate professor at the Indiana University School of Medicine. “This is not a technical problem to solve,” he says. “This is a social-political-economic problem.”

Backlash against unique identifier

It’s also a problem that suggests that providers’ independence and patients’ privacy are more important than patient safety. Virtually all health care organizations have adopted electronic health record technology in the past two decades, but each gets to decide which patient information to collect. Collection of names and addresses is ubiquitous, but spotty for Social Security numbers and email addresses. Each organization decides for itself pretty much how information will be entered; some go with “123 Main St., New York, NY” in one field while others put each data element in its own field.

The inconsistencies melt away in most developed countries, where each patient is assigned a unique identifying number. That makes it easy to distinguish one Karl Andersson from another, even if the patient’s name gets misspelled in the electronic health record and his address is outdated.

“We’re the last developed country without a national patient identifier,” Grannis says. “When you look throughout Europe, in countries where there is trust in the governmental system and general heterogeneity in culture and laws, this is easy to do.”

In the United States, not so much. HIPAA, signed into law in 1996, required HHS to establish a “unique patient identifier” (UPI) system, but America wasn’t having it. Backlash about privacy concerns was so strong that Congress nixed the idea.

Indeed, for nearly two decades, budget appropriations language actually prohibited HHS from engaging in any conversation pertaining to a UPI. That changed in 2017, when Congress admitted that patient-­matching is “one of the most significant challenges inhibiting the safe and secure electronic exchange of health information” and instructed HHS to help the private sector figure it out.

A few months later, Halamka and coauthors wrote a New England Journal of Medicine op-ed urging HHS to advocate that Congress overturn its prohibition against a national patient identifier. He doubts that a universal, mandated UPI will ever fly, but a voluntary option—something akin to TSA Precheck—might work. “A voluntary mechanism would get around a number of the privacy concerns because you get to decide if you want safe, coordinated care,” he says. “It’s totally up to you—if you want expensive, unsafe, poor-quality care, go for it.”

Halamka and other experts on this issue say we need a nationwide patient-matching strategy that gets hospitals, physicians, information-technology vendors, and everyone else using the same approach. In 2017, Halamka convened the nation’s top patient-matching experts to outline what is needed to get started.

Writing in the Journal of AHIMA (the American Health Information Management Association), Halamka and many coauthors came up with a long list of essential steps, starting with identifying a “trusted organization”—defined as a “neutral coordinating organization with balanced stakeholder representation”—to manage a nationwide strategy.

Reading palms

Some health systems can’t wait for a national strategy, so they are creating their own one-off solutions. That’s the situation for Harris Health System, the safety net hospital system in Houston.

In 2011, it had records for 2,488 patients named Maria Garcia, 231 of which had the same date of birth. Some—maybe many—of the records were probably for the same person, but the word “probably” gives pause.

That year, Harris started using biometric technology—palm-vein scans—to create a unique image tied to a unique number for each patient’s record. By now, more than 90% of the patients who come to a Harris facility have been scanned, says Amber Wingo, Harris’ administrative director of revenue cycle and patient-access systems.

Patients no longer have to show an ID card when they seek care; they just raise their hand to a palm reader, state their date of birth, and are matched to their record (no fortunes get told). “Patients love it,” says Wingo.

Meanwhile, Northwell Health, the largest health system in New York State, just started using iris and facial scans to improve patient matching, and hundreds of hospitals use a finger scan for the same purpose.

Ben Moscovitch, the Pew Charitable Trusts’ project director for health information technology, has spent the last three years heading an in-depth study of the patient matching problem. While patients in Pew’s focus groups overwhelmingly want biometrics to solve patient matching, that’s a long-term solution if it ever happens, he says.

While biometrics can help an individual organization match its patients to the right records, that approach does nothing to match records between organizations; the palm scan used by Harris does not correlate with the iris scan used by Northwell. And getting the country’s health care organizations to settle on a single biometric technology? Hard to imagine that ever happening.

Where’s the gee-whiz factor?

In the near term, Moscovitch favors something doable but with no cool, gee-whiz factor: data standardization. The idea is that if health care organizations were to collect certain, very basic pieces of patient information—say email addresses or names—in exactly the same way, algorithms could use them to match a greater number of records.

It’s been suggested for years that data elements need to be standardized, but no one knew how many or which ones. That hurdle was crossed last year when Grannis’ research, funded by Pew, found that patient match rates increase significantly when just two elements—last name and street address—are standardized.

Getting health care providers to agree, say, that my last name will be entered as “BUTCHER” and that street addresses would conform to U.S. Postal Service standards (for example, Lane is LN and Boulevard is BLVD) seems doable. That is, until you read the Government Accountability Office’s report, “Challenges to Electronically Matching Patients’ Records Across Providers,” issued in January. Several stakeholders interviewed for the report liked the idea of data standardization, but they saw problems, starting with the difficulty of agreeing on what standards to adopt.


Pew, which is trying to help America’s $30 billion investment in electronic health record technology pay off, is committed to advancing the idea. It will continue researching data standardization for the next three years.

“We also intend to work with a variety of stakeholders, including health system organizations, technology developers, and others to advance data standardization and to encourage ONC to advance demographic data standardization,” Moscovitch says.

For example, the federal government could incentivize EHR vendors to support a standard way of entering the “last name” and “street address” fields, Grannis says. Without that, every health system will continue to make up its own rules.

“In order for this to work, everybody needs to do it,” he says.

Lola Butcher writes about health care policy and business topics. She lives in Springfield, Mo.