Electronic Healthcare Records , Governance & Risk Management , Healthcare
Bill Proposes Measuring the Accuracy of Patient Matching
Aim Is to Reduce Medical Mistakes and Breaches That Result From Mismatched RecordsPatient matching errors have dogged patients and healthcare organizations for years. Mistakes can happen when patient information, such a test results or immunization records, is matched with the wrong patient - perhaps one with a similar name and demographic information.
See Also: Enterprise Browser Supporting Healthcare, Cyber Resilience
These patient matching shortcomings, which are currently unregulated, can lead to an assortment of mishaps affecting patient safety, privacy and other issues. A bipartisan pair of congressmen is again trying to address these long-standing issues - including medical errors, inadvertent data disclosures and denied medical claims - through a bill that aims to reduce patient matching errors.
Rep. Mike Kelly, R-Penn., and Rep. Bill Foster, D-Ill., last week introduced into the U.S. House of Representatives legislation that proposes to improve the standardization of patients' demographic elements entered into certified health IT products, such as electronic health record systems, through the establishment of a patient match rate.
The Patient Matching and Transparency in Certified Health IT Act of 2024, or MATCH IT, among its several provisions, would require the U.S. Department of Health and Human Services - in consultation with healthcare providers, EHR and other health IT vendors and patient advocacy groups - to develop a definition and standards for more accurate patient matching as well as to track patient match rates and document improvements in matching over time.
Although patient matching issues have gotten attention from government regulators and lawmakers in the past - including a Government Accountability Office report to Congress in 2019 - there is still no national strategy to ensure that patients are matched accurately with their medical records and no standard definition across the healthcare ecosystem to measure patient match rates (see: Patient Record Matching: Fixing What's Broken).
Previous efforts to address many of these issues - especially through other legislation - have been hindered in large part by a budget provision first enacted by Congress in 1999 and renewed annually since then. This provision bans HHS from developing or promulgating a unique national patient identification system.
When HIPAA was enacted in 1996, it required the creation of patient identifiers and other uniform standards for electronic data transmission to improve the reliability of health information. But due to privacy concerns, Congress dropped that requirement and instead has repeatedly restricted HHS from working on unique identifiers.
Kelly and Foster have previously introduced budget amendments to lift the funding ban on HHS, and they were passed by the House. But in each of those amendments, the provision was either not included or failed to pass the Senate (see: House Again Votes to Lift National Patient ID Ban).
"There has been a lot of excitement around the introduction of the MATCH IT Act, so we are very optimistic about its chances," said Cassie Ballard, director of congressional affairs at the CHIME College of Healthcare Information Management Executives - a healthcare CIO and CISO association that has been pushing for patient ID matching improvements for years.
"Standardizing patient information will make a meaningful impact on patient misidentification, and it’s something that people seem to get. In other words, it's a no-brainer," she said. "The next step is gaining additional co-sponsors as well as finding Senate champions."
Foster in a statement to Information Security Media Group said the legislation he and Kelly introduced aims to reduce patient misidentification instances "that cause thousands of unnecessary deaths" every year in U.S.
"This legislation would promote interoperability of patient matching systems, which would protect patients and decrease burdens on healthcare providers," Foster said.
Kelly did not immediately respond to ISMG's request for comment.
Complex Issues
Some healthcare security and privacy experts cautioned that improving the accuracy of patient matching is a complicated issue that requires more attention from healthcare providers, technologists and regulators.
Healthcare provider records may contain multiple identifiers, and health plans and other payers may use their own proprietary identifiers for patients.
In addition to patient safety risks, misidentification also frequently leads to HIPAA breaches and other privacy violations, including incidents involving "overlays" when multiple patients' data is inaccurately merged into another patient's record or mistakenly disclosed.
"It's a complex problem. While technology will play a very dominant role in solving this problem, it cannot be that technology will solve the entire problem," said Sunil Dadlani, CIO, chief digital officer and CISO at Atlantic Health System, a multihospital healthcare organization in New Jersey.
"It requires process. It requires regulation. It requires healthcare being a very regulated and complex industry where there are multiple stakeholders. So, no entity holds the patient data completely."
Keith Forrester, practice manager of strategy and risk at security firm Optiv, said any potential measures by HHS to improve to patient matching mesh with other recent regulatory moves by HHS focused on improving patient data security, privacy and safety.
"There's a big push now, especially with HHS focusing on cyber controls and saying, 'These cyber controls need to be put in place because they are going to affect patient safety.' There's a lot of work focusing on patient safety."