Blog

Search Our Site

Mar 10

The Role of Accurate Patient Identity in Continuity of Care

March 9, 2017 / by Catherine Schulten

Continuity of care is a critical component of a patient-centric care model. In order to be highly functional, this system must include a national patient identity system that works for all individuals and that relies on existing standards and best practices (FICAM, NIST, NSTIC) without the heavy overhead and expense inherent in burdensome federal regulations.

When healthcare networks aren’t communicating with one another how can we expect quality, cost-effective care?

Achieving continuity of care will require not only the collaboration of physicians, but will also require the “de-fragmentizing” of our Healthcare IT systems. Disparate HIT systems, specifically EHRs, need to establish a common foundation upon which they can effectively and accurately communicate PHI/PII between, and within, care networks.

Accurate patient identity proofing coupled with patient matching is essential

Multiple obstacles exist that prevent us from implementing an unhindered patient identity management structure. Prominent challenges include existing low-tech manual patient registration activities which contributes to the creation of dirty data (including keystroke errors, misspellings and the unintended creation of duplicate/overlay records). The presence of dirty data within the record is a patient safety risk, a clinical dis-satisfier, and an administrative nightmare at all care locations – large and small. Another challenge is that each EHR may know the patient by different internal enumerators, including account numbers and medical record numbers – each enumerator varies between facilities and systems. Additionally, a patient’s demographic details vary and aren’t dependable, including name spelling, the use of nick names, outdated vs. current addresses, accidental data transpositions and other errors.

All of these are overriding elements that obstruct the progression of value-based care by causing absolute matching to be a challenge across healthcare facilities and systems. The result is that physicians don’t have access to PHI needed at the point of care due to systems not being able to reliably match the patient’s identity from one system to the next. Even when physicians gain access to MRNs from other locations, there’s no guarantee the referenceable patient information is 100% correct or historically complete.

Reducing fragmentation and increasing data accuracy is the first step

Continuity of care can be achieved through a trusted patient identity system that allows health care organizations to know their patients as a “whole”. Patient identity assurance and interoperability is achieved via multi-factor authentication – the design that confirms the patient’s claimed identity by utilizing at least two different identity factors (something you have, something you know, something you are). Patient tokenization serves as the “1 patient, 1 record” or “1 patient, all correct records” concept. In this environment, the patient-physician relationship is better established due to the access of data via the token, supporting the quality of care provided.

In addition, physician PHI communication, or sharing, has a better platform to run on. Rather than relying on rules-based search and matching of a patient within the local EHR or depending on the HIE to discern matching probabilities, the patient’s token and trusted identity system becomes the deterministic “source of truth” for all locations.

Accurate patient identity is absolutely essential when exchanging patient information. Without high assurance that a patient is, in fact, who they claim to be and the medical records linked to that patient are correct, the patient’s token is no longer reliable. Federal regulations do not mandate strong patient identity proofing today, but other regulating bodies including the ONC, NSTIC, FICAM and others have elaborated on the importance of setting a strong identity foundation for exchange in the digital evolution.

Rethink what “accurate patient identification” does for continuity of care

Continuity of care is successful upon two key elements; a continuous relationship between health care organizations and their patients, and the seamlessness of care provided across the network. We set out to improve the patient experience, and we want to provide the infrastructure for predictive and thoughtful care to increase positive outcomes of our patients. We must improve identity management in healthcare to make these aspirations an actuality.

For those interested in more information, I encourage you to read the Accurate Patient Identity white paper that describes how patient identity serves as the basis for health information exchange, continuity of care and patient safety.




Catherine Schulten About the Author

Catherine Schulten is VP of Product Management at LifeMed ID where she is responsible for orchestrating product roadmap initiatives and ensuring that LifeMed ID’s solution offering meets industry user needs. Catherine has over 25 years of health information technology experience addressing industry challenges from revenue cycle, HIPAA transactions, fraud, waste and abuse, and patient identity management. She has served as a WEDI board member and has co-chaired several WEDI workgroups.
Oct 6

Methods of Enhancing Patient Matching Processes

October 6, 2016 / by Catherine Schulten

In early September, the Interoperability Task Force (IXTF) in conjunction with HITPC and HITSC (Health IT Standards and Policy Committees) sent Dr. Washington (the new National Coordinator for Health Information Technology) a letter describing their charter and recommendations. Not surprisingly the #1 priority need identified from this group was the ability to identify patient's nationwide.

The Task Force held several meetings and subgroup calls that identified 8 distinct priority needs across the 5 use cases detailed in Appendix B:
  • Ability to identify patients nationwide
  • Ability to locate relevant patient records
  • Ability to locate and identify providers
  • Ability to access and interpret consents/authorizations
  • Ability to exchange health information
  • Ability to encode data that is syntactically and semantically interoperable
  • Ability to effectively utilize health information
  • Governance


Appendix B describes identifying patients as consisting of the following elements:
  • Capture standardized demographics for patients
  • Patient matching algorithm
  • Show how to communicate with patients
  • Ability to exchange health information
  • Show proxy relationships and how to communicate with them
  • Show authenticated devices and how to communicate with them


And while the IXTF brought this important topic to light, once again we observe that the mechanisms by which to achieve this goal remain stuck in legacy thinking: a national agreement on demographic attributes and matching logic by which to establish patient matching.

It has been noted by the Sequoia Project that a match rate of 95% to 98% may be the upward limit of accuracy that any healthcare organization can hope to achieve. Once this match rate was identified, a cross-organizational maturity model involving data governance, data cleaning/normalization and supplemental identifiers (just to name a few) were included in the design.

If the best we can hope to achieve is 98% matching accuracy and 2% of the records continue to be mismatched, overlaid or otherwise discounted during a search and match attempt, then it’s time that the industry look at another way to solve this challenge.

We’ve seen that the industry is anticipating a solution that will solve the patient identity challenge once and for all:
  • The CHIME Challenge seeks to “ensure 100% accuracy of every patient’s health info to reduce preventable medical errors and eliminate unnecessary hospital costs/resources”
  • The Sequoia Project in collaboration with the Care Connectivity Consortium drafted a Framework for Cross-Organizational Patient Identity Matching wherein they state “Without a national patient ID system, we must focus on optimizing the current patient matching strategies.”


In order to achieve 100% matching accuracy, the current patient matching approach consisting of additional PII attributes, exhaustive attention to data quality and governance and world class matching algorithms won’t get the healthcare industry there. The only way to achieve this is through the use of what is known as a deterministic match. In other words, a 1:1 match with no chance for a false positive or false negative. Fortunately, this type of design has been in place for years.

As an example, consider your ATM and PIN code. You can withdraw cash from any ATM machine across the U.S. and even globally with a card that was issued by your bank and a PIN code that you personally established. When using your card, the funds are withdrawn directly from your account. There aren’t instances where funds are drawn from an account from someone who has a name similar to yours or who has a checking account that is 1 or 2 digits off from yours. The combination of the card and PIN results in only one match.




Catherine Schulten

About the Author

Catherine Schulten is VP of Product Management at LifeMed ID where she is responsible for orchestrating product roadmap initiatives and ensuring that LifeMed ID’s solution offering meets industry user needs. Catherine has over 25 years of health information technology experience addressing industry challenges from revenue cycle, HIPAA transactions, fraud, waste and abuse, and patient identity management. She has served as a WEDI board member and has co-chaired several WEDI workgroups.
Sep 28

ONC Publishes Nationwide Interoperability Roadmap

September 28, 2016 / by Catherine Schulten

The Office of the National Coordinator (ONC) published a nationwide interoperability roadmap that contains milestones, calls to action and commitments that healthcare organizations should be adopting in order to advance verifiable identity and authentication of all participants.

From today and into 2017, organizations should be focusing on improvements around how they send, receive, find and use priority data domains to improve health care quality. The objective states that 65% of Healthcare Organizations (HCOs) must permit patient access to patient portals via username and password plus KBA or emerging technologies in lieu of passwords to reduce vulnerabilities in identity theft.

Between 2018 and 2020, at least 50% of HCOs should have implemented identity proofing and developed authentication best practices. By 2024 90% of all HCOs need to be able to support the creation of accounts for caregivers, proxies and personal representatives.

The ONC's Roadmap specifically references National Strategy for Trusted Identities in Cyberspace (NSTIC) as a public-private collaborative whose overarching goal is the elimination of passwords because as they state “‘usernames and passwords are broken; most people have 25 different passwords, or use the same one over and over, ‘creating system vulnerabilities and increasing identity theft.”

These requirements are addressed through identity proofing, best practice authentication, and the replacement of a username/password paradigm with a multi-factor identity design that involves any one of a number of identity token modalities from card based to biometric to mobile.

Multi-factor authentication replaces the common and easy-to-hack username/password design with one that is easy for the patient to apply and is affordable for the HCO to implement and manage. The use of the patient’s own mobile phone running a secure mobile application allows the patient to assert their identity both in person or online without ever having to exchange a single piece o Personally Identifiable Information (PII). The 2nd factor in the form of a biometric or PIN code confirms the identity of the individual.

Identity proofing and authentication best practices requires that the HCO know who the individual is. This is accomplished today through the use of a NIST LOA3 design that allows the registration clerk to accurately and rapidly confirm the individual’s identity, address and identity documents (such as their driver’s license).

Healthcare delegates or proxies serve a crucial role in the care for their family members and ensuring that properly identified caregivers have the right to view, download and transmit the electronic information about the patient in their care is necessary to support patient privacy while promoting ease of data access when it is appropriate.

Fortunately, one need not wait until 2017 to begin addressing these milestones because solutions exist today.




Catherine Schulten

About the Author

Catherine Schulten is VP of Product Management at LifeMed ID where she is responsible for orchestrating product roadmap initiatives and ensuring that LifeMed ID’s solution offering meets industry user needs. Catherine has over 25 years of health information technology experience addressing industry challenges from revenue cycle, HIPAA transactions, fraud, waste and abuse, and patient identity management. She has served as a WEDI board member and has co-chaired several WEDI workgroups.

Latest Comments