The intricacies of tackling the complexities of patient identity
Matching patients to their records is challenging because no national standard exists to assure that patient information refers to the same individual.

The promise of interoperability has always rested on a simple but profound assumption – that the data being exchanged belongs to the right individual. Without that foundation, even the most advanced exchange frameworks risk falling short.
While much has been written about the risks of patient mismatches — from duplicate testing to devastating clinical errors — the real question is how the industry moves forward. What will it take to ensure that identity is accurate, portable and trusted across every corner of healthcare?
Achieving progress will require healthcare stakeholders to work together to align on common approaches that strengthen identity assurance, resolution and trust.
No national standard currently exists to assure that those exchanging patient information are referring to the same individual. DirectTrust is helping address this by convening the industry to explore privacy-enhancing identification standards that could support patient matching as part of a broader identity ecosystem.
As the privacy and security provisions of the Health Insurance Portability and Accountability Act (HIPAA) approach the 30-year mark, and as the healthcare industry inches closer to true nationwide interoperability, questions of patient identity can no longer be set aside. But the issue is complex. Meaningful progress requires industry partners to take the time necessary to develop a unified approach that’s widely accepted and widely adopted.
Patient mismatch is costly
The physical, emotional, and economic fallout of mismatched patient identification is evident, costing the U.S. health system more than $6.7 billion a year and accounting for more than one-third of denied insurance claims.
In 2021, because of a mix-up of biopsy slides, a male patient had his prostate removed, leading to urinary difficulties, in addition to the obvious anguish associated with a cancer misdiagnosis, surgery and recovery. The mishap also seriously impacted the other patient who thought he was cancer-free. In another case, a female patient treated at a hospital eight years earlier for a kidney infection started receiving bills for a different patient, a woman 60 years her senior who had recently undergone shoulder surgery. Although the two shared the same first and last name, they had different middle initials.
DirectTrust has long been recognized for advancing secure, identity-assured and standards-based exchange across healthcare. These efforts ensure that information can move safely between trusted parties, protecting data in transit and supporting nationwide interoperability.
While these data transfer methods can help ensure data security from endpoint to endpoint and during the transfer process, the accuracy of the data (telling the difference between John A. Jones and John G. Jones, for example) remains a work in progress.
One-to-one patient matching is complex
One-to-one patient matching faces two fundamental challenges. The first is federal legislation from 1999 that specifically banned funding for the industry to create a unique patient identifier.
Efforts are underway to solve the issue through federal legislation, the MATCH IT Act of 2025, that mandates standardization of matching to achieve a 99.9 percent accuracy rate and the potential for CMS bonuses to incentivize accuracy. DirectTrust is a supporter of the Patient ID Now coalition, a group that advocates for a national solution to patient matching that has drawn support from more than 50 organizations that represent every aspect of healthcare.
The second challenge is that establishing true identity is not a single issue but three interrelated issues.
Identity assurance. “You are who you say you are.” Identity assurance is the process of establishing confidence that an individual’s claimed identity is valid. It involves collecting identity attributes (such as name, date of birth or government-issued ID) and verifying them against trusted sources.
Levels of rigor, defined by NIST as Identity Assurance Levels (IALs), determine how much and what type of evidence is required. Higher levels (for example, IAL2 or IAL3) involve stronger verification methods and greater confidence. Healthcare focuses on IAL2.
The biggest challenge is with children and other individuals who lack documents (such as a driver’s license) that can support their identity claim. In these cases, NIST allows for IAL2 assurance through either an “Applicant Reference,” who is identity-proofed first and can vouch for the identity of the person, or a “Delegate,” who has a demonstrable responsible relationship with the person. In both cases, a “Trusted Referee,” such as a notary or a lawyer, could help to document and digitally sign the identity and relationship assertions. Work is underway on processes to enable this to occur online.
Identity authentication. “This is the same person associated with the identity or credential.” Identity authentication is the process of confirming that the individual requesting access is the same person who previously established an identity and associated credentials. This is typically done through two or more authentication factors, such as passwords, security tokens or biometrics, to substantiate trust in digital interactions and reduce the risk of unauthorized access.
NIST also defines Authenticator Assurance Levels (AALs), with AAL2 and AAL3 being higher levels of confidence. The challenge will be that most healthcare authentication takes place using levels that do not meet the requirements of AAL2, which requires two factors.
Identity resolution. “These records are associated with this person holding the identity or credential.” Identity resolution is the process of accurately linking data and records across platforms, systems and encounters to a single correctly identified individual. It relies on verified identity attributes and advanced matching techniques to ensure that fragmented or duplicate records can be unified and attributed to the right person over time.
The challenge for healthcare is that many data and records currently are not stored with robust identity attributes attached to them, so they can still be mismatched, despite perfect identity assurance and authentication. NIST recently released 800-63-4 and accepted several of DirectTrust’s recommendations submitted in response to its draft version, including the collection of additional, valuable identity attributes such as cell phone number and email, which can be used to improve the performance of matching algorithms.
A hands-on approach to matching
Absent federal policy, DirectTrust has assumed a leadership role in the development of a voluntary patient identifier standard, establishing the PEHRLS (Privacy-Enhancing Electronic Health Record Locator Service) Ecosystem Consensus Body. It seeks to convene stakeholders from across the industry to devise and adopt uniform standards.
The goal of PEHRLS is to identify and profile existing standards and create new ones as needed for a privacy-enhancing record locator process, along with the interactions of associated actors. This process is needed because there is currently no way of knowing where all of a person’s medical records are located, and querying every location for every patient encounter is infeasible. The model should support a nationwide patient credential and patient-matching ecosystem.
The path to accurate, one-to-one patient matching will be challenging, but healthcare organizations are up for the challenge.
DirectTrust aims to work on solutions that promote a secure, privacy-enhancing and standards-based ecosystem. By fostering collaboration and supporting national alignment, it hopes to help pave the way for a future in which patient identity is reliably and accurately verified, every time, for everyone.
Kathryn Ayers Wickenhauser, MBA, FACHDM, CHPC, is Chief Strategy Officer for DirectTrust.