Getting to Know You
SINCE CONGRESS PASSED an omnibus appropriations act
for fiscal year (F Y) 1999, Public Law 105-277, the Department
of Health and Human Services (HHS) has been prohibited
from spending funds to promulgate or adopt any final standard providing for the assignment of a unique health identifier for an individual (except in an individual’s capacity as an
employer or a healthcare provider) until legislation is enacted specifically approving the standard.
1 Although there has
been a ban on developing a unique patient identifier solution
or an effective patient matching strategy for almost 20 years,
private industry has not held back efforts to engage in patient
identification and matching initiatives.
With a ban on unique patient identifier solutions firmly in
place by law, the passage of the Health Information Technology for Economic and Clinical Health (HI TECH) Act, enacted as
part of the American Recovery and Reinvestment Act (ARRA)
of 2009, was signed into law to promote the adoption and
meaningful use of health information technology (health IT).
The passage of this law injected billions of dollars towards the
adoption, implementation, and meaningful use of electronic
health records (EHRs).
Accelerating the implementation and use of EHRs, mobile
applications, medical devices, and telehealth assists in improving healthcare costs and patient safety, reduces duplicative tests, and increases patient engagement—among other
benefits. With the deployment of such technologies, however, comes the increased need for accurately identifying and
matching patients across disparate systems in order to yield
the benefits they are supposed to bring to patients, providers,
and other caregivers.
In December 2016, Public Law 114-255, also known as the
21st Century Cures Act, was enacted and authorized $6.3 billion in funding, mostly for the National Institutes of Health
2 More specifically, Section 4007 Government Accountability Office (GAO) Study on Patient Matching directed the
GAO to conduct a study to review the policies and activities of
the Office of the National Coordinator for Health Information
Technology (ONC), as well as other relevant stakeholders and
appropriate entities, to ensure appropriate patient matching
to protect patient privacy and security with respect to EHRs
and the exchange of electronic health information. Beginning
in December 2017, the 21st Century Cures Act also directed
the GAO to evaluate current methods used in certified EHRs
for patient matching based on performance related to factors
such as the privacy of patient information, security of patient
information, improving matching rates, reducing matching
errors, and reducing duplicate records.
The GAO should assess whether ONC could improve patient
matching by taking steps such as defining additional data elements to assist in patient data matching, agreeing on a required minimum set of elements that need to be collected and
exchanged, requiring EHRs to have the ability to make certain
fields required and use specific standards, and other options.
Finally, GAO must submit to Congress a report regarding the
findings of the study no later than two years after the law was
Private Industry Steps Up to the Challenge
Despite Congress’ efforts to prevent HHS from developing a solution to “promulgate or adopt” a standard for the assignment
of a unique patient identifier, private industry has stepped up
efforts to address this gap within health IT—though the success of these initiatives has varied. For example, the College of
Healthcare Information Management Executives (CHIME), established in 1992 as a non-profit professional organization for
chief information officers and other senior healthcare IT leaders, launched the “CHIME National Patient ID Challenge” in
early January 2016. This challenge presented a $1 million global
competition aimed at incentivizing innovators to develop a private, accurate, and safe system to achieve 100 percent accuracy
in identifying a patient. A variety of use case scenarios were
provided to the contestants and were grouped into two broad
categories. In the first category, Identification and Use Case Scenarios, potential solutions needed to address situations such as
a patient trying to use a stolen insurance card, a non-English
speaking patient, a patient arriving at the care location without
identification, and other scenarios.
The second category addressed security and fraud management, where potential solutions needed to address scenarios
such as theft of enrollment data, activity on a deceased patient’s
record, breach of patient data hub, and others. In addition to
the scenarios, contestants needed to provide detailed responses
to questions dealing with support for privacy and anonymity,
patient enrollment and identification, security and fraud management, scalability, adoptability, implementation, and other
valuable features and functionality that would be considered
value-added to differentiate an organization’s solution.
Guidelines in this challenge included looking for the best
plan, strategies, and methodologies that accomplish:
Easily and quickly identifying patients
Achieving 100 percent accuracy in patient identification
Protecting patient privacy
Protecting patient identity
Achieving adoption by the vast majority of patients, pro-
viders, insurers, and other stakeholders
Scaling to handle all patients in the US
In May 2017, CHIME announced the finalists who were se-
lected to proceed to the Prototype Testing Round (two rounds)
that lasted several months. A grand prize winner was expected
to be announced by the end of 2017, but in November CHIME
suspended the challenge, saying the contest “did not achieve
the results we sought to this complex problem,” according to a
CHIME press release. In the challenge’s place, CHIME will be
developing a Patient Identification Task Force that aims to find
a national patient identification solution that “accurately identi-
fies a patient 100 percent of the time.” CHIME encouraged par-
ticipants in the challenge to join the task force. The four finalists
1. Michael Braithwaite—proposal achieves patient identification through the use of multiple biometric technologies.
2. Bon Sy—proposed solution identifies patients by analyzing
a combination of behavioral and biometric information.