1 Introduction
Patient identification is the process of “correctly matching a patient to appropriately intended interventions and communicating information about the patient’s identity accurately and reliably throughout the continuum of care” [1]. Patient identification encompasses not only the physical identification of the patient but also technologies able to enhance the accuracy of patient identification [1]. The main attributes of ideal patient identifiers have been described as unique, ubiquitous, and unchanging in their nature [2]. Different technological approaches and practices and operational processes that optimize accurate patient identification are necessary to meet the increasing and diverse demands for the use and reuse of data by various stakeholders [3].
Today, lack of widely adopted operational principles and limitations in processes and technologies result in inaccurate patient identification [1]. Lack of accurate patient identification can affect clinical decision-making, treatment, patient outcomes, patient privacy, and results in duplicative testing and increased costs [4]
[5]
[6]
[7]. When a patient is incorrectly matched to another patient’s record, patient care and safety are jeopardized as incorrect data can cascade to a multitude of internal and external systems and databases such as laboratory, radiology and health information networks [8], potentially leading to laboratory, imaging, and medication errors as well as wrong-site surgeries. Similarly, with the existence of multiple records for a single patient, clinicians can miss critical information because it is in the duplicate record [9]. In both scenarios, care decisions are based on an incomplete or erroneous picture of the patient’s medical history because data is not accurate or reliable.
Healthcare organizations vary in how they collect and identify patients. Globally, some countries use unique patient identifiers (UPIs) to assist with patient identification while the United States (US) prohibits the use of a national UPI due to privacy and security concerns [9].
As the volume, velocity, and variety of health data continue to grow, accurately matching patients to their health data is a challenge that must be met to ensure care coordination across the continuum, enhance patient safety, ensure the appropriate use of resources, and foster successful data sharing and interoperability [10]
[11].
This paper explores current patient identification techniques used worldwide and the problems and challenges associated with unresolved patient identification and it offers recommendations for further study.
3 Methods
To inform the paper, the authors conducted a literature review for relevant peer reviewed and grey literature articles focusing on: 1) patient identification techniques adopted worldwide and 2) consequences and implications of unresolved patient identification issues published from January 2015 to October 2019 in Scopus, PubMed, Web of Knowledge, Web of Science, the Association for Computing Machinery (ACM) Digital Library, and the American Health Information Management Association (AHIMA) Body of Knowledge. Searches for grey literature (i.e. evidence not published in commercial publications, including but not limited to government publications, conference papers, and white papers) [12] on the topic were conducted using Google. Articles for the review were drawn from peer-reviewed journals, conference papers, consumer studies, health professional studies, research performed by independent research institutions, as well as systematic and narrative reviews of the various topics. A snowball approach was undertaken to identify additional sources of information.
4 Results
4.1 Patient Identification Approaches and Considerations
Ensuring quality health information has and will increasingly become complicated as new data streams are utilized and as organizations share records electronically using different information systems and standards [13]
[14]. Worldwide, there are several different patient identification approaches, techniques, and solutions including UPIs and algorithms. At the same time, technological and methodological innovations have introduced new approaches such as referential matching, biometrics, and radio frequency identification device (RFID) technologies as ways to further improve techniques for patient identification [4].
Below we examine a variety of techniques utilized to address patient identification.
4.1.1 Unique Patient Identifiers (UPIs)
Many healthcare systems outside of the US have adopted nationwide initiatives to implement UPIs. Such approaches are common in Europe including England, Wales and the Isle of Man [15], Denmark [16]
[17], Estonia [18]
[19], and more recently Spain [20] and Ireland [21]. Outside of Europe, UPIs are common in such countries as New Zealand [22], China [23], and Israel [24], all of which use their National Identifier (ID) as their patient identification number. However, even though UPIs are widely implemented and constitute a preferred method due to reduced reliance on patient attributes for patient matching, the challenges of generating and implementing UPIs often lead to limited implementations within institutions compared to other care settings [4]
[14]
[25]
[26]. Privacy concerns are also often cited as a major concern in implementing UPIs [25].
In Singapore, the National Registration Identity Card—the UPI identified for use—was not sufficiently ubiquitous to be used as an identifier as 28% of the Singaporean population are non-residents and therefore not required to have an identity card [34]. In Canada, because healthcare is funded and governed at the province-level and every province has different regulatory frameworks, the deployment of a nationwide UPI proved difficult [34]. As a result, patient registries, which support the centralized storage and retrieval of patient identification data, are used to identify patients in conjunction with an enterprise-wide master patient index (MPI), data quality remediation, and governance policies [15].
In the US, long-standing policy barriers have hindered adoption of a unique patient identifier. In 1996, the Congress passed legislation calling for the adoption of a UPI [27]. However, due to privacy and security concerns, the Congress included statutory language in an annual appropriations bill limiting the promulgation or adoption of a UPI [28]. Since then, the statutory language has remained and hampered the US Department of Health and Human Services (HHS) from engaging in rulemaking to adopt a UPI standard. Despite this ongoing limitation, the Congress recently included report language in the 2020 spending agreement encouraging HHS to provide technical assistance to private sector-led patient identification initiatives and directed the Office of the National Coordinator for Health Information Technology (ONC) to 1) submit a report to the Congress on the technological and operational methods that improve identification of patients [29], and 2) recommend actions increasing the likelihood of accurately matching patients to their health data. Inclusion of the report language may continue to help foster private sector-led initiatives focused on patient identification and help identify and implement important policy levers to further advance a nationwide patient identification strategy in the US.
4.1.2 Algorithmic Approaches
Algorithms are another common approach to matching patients to their health information using demographic characteristics including: first name, last name, gender, date of birth, social security number (in the US), and address [30]. Algorithms range from basic, i.e., deterministic matching involving a unique identifier coupled with a limited number of non-unique identifiers (e.g., date of birth) that are compared to identify exact matches, to more sophisticated probabilistic matching techniques that use threshold limits [7]
[31]. The complexity of such algorithms varies widely, may be vendor-specific and dependent on the customization added to the base installation of an electronic health record (EHR) system [32]. While matching algorithms can achieve matching rates approaching 90%, they are not perfect and do not represent a 100% accurate patient matching solution [30]
[33]
[34].
Inaccurate or incomplete patient demographic information can hinder the enhancement of algorithmic accuracy [35]. Occurrences of inaccurate or incomplete demographic data can be the result of: lack of best practices in collecting demographic data at registration, variations in organizational and health information technology (IT) vendor policies and processes in how demographic data are collected, failure by patients to provide the correct information at registration (e.g., register with nickname versus legal name), and failure to update patients’ information when their demographic information changes (e.g., address, phone, email, and name change) [36]. Transcription and free text errors can also limit algorithm accuracy including spelling variations, phonetic variations, double last names, double first names, and alternate first names [37]
[38].
Standardized data elements are also generally needed to optimize matching algorithm accuracy (e.g., telephone number, date of birth, address) [39]
[33]. Lack of standardized demographic data elements across institutions and care settings can exacerbate the “syntactic heterogeneity of data,” making matching algorithms less effective [32]
[33]. Evidence suggests that standardizing certain demographic data elements could improve match rates [33].
4.1.3 Referential Matching Software
Beyond algorithmic methodologies, a growing number of organizations are implementing add-on technologies including referential matching software to increase odds of identifying patients correctly. Referential matching software is a data augmentation where a third-party service provider adds an additional layer of demographic data (typically from outside of healthcare) including datasets from credit reporting and public utilities that are routinely updated and maintained to enhance patient matching [31]. Companies involved in such technologies report match rates as high as 98 and 100%, however such rates have not been independently verified [31]
[40]. Concerns have been raised that referential matching could lead to clinicians and payers having access to personal and financial information, including credit information. However, existing referential matching approaches do not appear to share patient health information outside of the healthcare institution [31]. Accuracy of non-health information such as data from the US Postal Service and the Social Security Administration used by matching software is also a concern for clinicians and patients [31]. Referential matching also has limitations related to certain patient populations including children, homeless individuals, and undocumented immigrants because data sources used for referential matching do not contain or have limited information on these populations [31].
4.1.4 Biometric Identification Systems
Limitations with UPIs and matching algorithms have led to the exploration of other add-on technologies including biometric identification technologies. Such approaches include fingerprints, palm vein scanning, iris scanning, and facial recognition [41]. Biometric identification technologies are advantageous because biometrics data is more difficult to “steal, exchange or forget” [25]. Biometric technologies are increasingly being used to identify patients in the US [2]. However, they are not without limitations. Research suggests that biometric methods to date for infant identification including eye scanning, ear and face recognition, and finger and palm-based methods solutions are not as effective as with adults since such features are difficult to capture and subject to change during child development [42]
[43]. In Europe, biometric technologies also raise ethical and legal considerations [44]. The General Data Protection Regulation (GDPR) identifies biometric information as a “special” category of personal information meriting protection that is explicitly prohibited from use for the purpose of identifying an individual unless for medical diagnosis or in the treatment or management of healthcare provided certain conditions are met [45].
4.1.5 Radio Frequency Identification
Additional emerging technologies, like radio frequency identification (RFID) are under exploration by hospitals to enhance patient identification. Unlike existing barcode technologies, RFID labels can hold more data than barcodes and be read automatically without user intervention [46]. Additionally, RFID technologies offer re-writeable functionality, allowing information to be modified, and require “no line of sight,” eliminating the need for human intervention [46]. RFID technologies also offer more advanced forms of data security than barcode technology, including encryption, allowing for patients’ health data to be kept more secure [46]. At the same time, application of RFID technology is not widespread as it can be cost-prohibitive [46], and lacks standards or guidelines for implementation within healthcare. RFID technologies also raise unique privacy concerns including the wireless transmission of patients’ health information after completion of healthcare services and collection of patients’ health data by third-party actors without patients’ approval or knowledge [47].
4.2 Discussion on Patient Identification Methods
The variety of patient identification methodologies is expansive and may include hybrid models that combine different methods described above. From the basic to the most complex methods, researchers agree that no perfect patient linkage solution exists and all the approaches present challenges that must be addressed [14]
[25]
[31].
In the US, these challenges are further hampered by existing legal and policy impediments. Lack of a perfect patient identity solution raises significant concerns. The literature review revealed three distinct themes associated with unresolved patient identification issues. The first theme focuses on how patient misidentification can lead to clinical errors or “near misses” which raises patient safety concerns. The second theme identifies financial, payment, and resource implications associated with patient misidentification. The third theme identifies the limitations patient misidentification places on data sharing and interoperability. Each theme is examined below.
4.2.1 Patient Safety
Failure to accurately identify patients raises patient safety and quality of care concerns across the care continuum from diagnostic testing to treatment [48]. A 2016 study classified over 7,600 out of 10,915 events from January 2013 to August 2015 as “wrong-patient events” involving patient identification [1]. Factors contributing to these events included admitting a patient under another patient’s medical record, creating a duplicate record at registration [49], pulling the record of a patient with a name similar to the intended patient, or asking about patient’s identity while failing to either check a patient’s identification band or ask for two acceptable forms of identification. More recently, the Joint Commission’s sentinel event statistics indicate 37 patient safety events out of 436 sentinel events have occurred due to patient identification errors in the second quarter of 2019 including surgical or invasive procedure events involving wrong patient, wrong procedure, and wrong site [50]. Failure to accurately match patients to their health information can lead to “false positives” when the medical records of two different patients are mistakenly matched [35] or “false negatives” when the records for the same patient are not matched. Duplicates are the result of several factors including varying methods of matching patient records, lack of data standardization, lack of policies and procedures, and frequently changing demographic data [39].
The existence of duplicate records can also lead to duplicative testing and treatments because of inaccurate or unavailable data. For instance, one hospital reported 30% of clinicians surveyed reordered tests because of lack of access to previous records [51].
4.2.2 Financial and Resource Concerns
Challenges associated with accurately matching patients to their health information raise financial and resource concerns. Repetitive tests and treatments are likely to add costs and impact timeliness of care delivery. From a revenue cycle perspective, there may be claims denials [52]
[53] and implementation of time consuming and costly processes to correct medical records [51]. Research indicates that between 10 to 15% of all health insurance denials are due to incorrect patient identification numbers [13].
4.2.3 Data Sharing and Interoperability
Patient misidentification raises data sharing and interoperability concerns as well. Historically, patient identification practices in the US have been fragmented and inconsistent [32]. Furthermore, hospitals report that difficulties in accurately matching patients to their health information across health IT systems limit health information exchange [54]. In turn, limited health information exchange can lead to clinical decision-making based on incomplete information resulting in increased chances of misdiagnosis, unsafe treatment, and duplicative testing [55].
Accurate patient identification may also have downstream implications for the secondary use of data for population health, quality improvement, public health, research and detection of waste, fraud, and abuse [11]
[56].
5 Some Recommendations
As new data streams are increasingly integrated into the clinical setting, unique, ubiquitous identifiers will become increasingly necessary. Patient identity management challenges include accurately matching patients within and across organizations including for research and clinical trials. To address the shortcomings of both current and emerging approaches, we offer the following recommendations:
Recommendation 1: Standardization of Data Elements
Additional research and study should be undertaken by non-profit, non-government institutions to identify and evaluate data elements (such as demographic data) that could further optimize the accuracy of matching algorithms. For example, in the US, recent suggestions have included adoption of US Postal Service certified address standardization rules [57] and patients’ cell phone numbers [34]
[56].
Recommendation 2: Evaluate Effectiveness of Referential Matching Approaches
Additional study and research are needed to evaluate the effectiveness of referential matching in improving algorithmic matching rates. Such research should include an analysis of improvement rates when using such software as well as identifying potential gaps in the use of such technology among certain patient populations (e.g., pediatrics, homeless, undocumented immigrants, etc.). Research should also include an examination of potential privacy risks to patients with the use of such technologies. Other areas for additional study include further study of RFID technologies and the potential use of big data analytics approaches (such as using Fuzzy algorithm (Levenshtein Distance) and MapReduce techniques) [3] for patient matching involving large repositories of data for better clinical decision-making.
Recommendation 3: Guidance on Preventing Adverse Events Related to Patient Identification Errors
Further steps can be taken today as regard to existing processes and practices to address patient identification errors. Practices that can enhance patient matching rates include requiring patients’ photos to be taken at registration and incorporating them into patients’ medical records so that they are visible to all clinicians across the enterprise, adopting a standard for entering temporary names for newborns in accordance with the Joint Commission’s elements of performance to enhance patient identification with infants, and implementing standard processes for how staff should record certain patient demographic data attributes including patients’ names and addresses [39]
[58]
[59].
