Patient Matching: Obstacles and Solutions for Critical Patient Data Requirements

Updated on August 22, 2021

By Jay Sultan, VP Healthcare Strategy, LexisNexis Risk Solutions

The 21st Century Cures Act, enforcement of which began Jul 1, 2021, requires providers to make patient data requests available through standards-based application programming interfaces (APIs) and avoid any efforts that could be construed by the Department of Health & Human Services as information blocking. The impetus is to empower individuals to take greater control over their care and choose providers and services that deliver a modern, consumer-like experience, and implementing standardized APIs that provide secure access is central to these demands. To achieve this, patient matching is critical.

Unfortunately, there remains considerable uncertainty around the ability to provide accurate patient matching. Enterprise master patient index (EMPI) or electronic health record (EHR) technology for providers, and master data management (MDM) for payers, also struggle to ensure true matches. Patient matching rates vary widely, with healthcare facilities failing to link records for the same patient as often as half the time.1  

For example: in 2018, a Black Book Rankings survey found that on average, 18% of an organization’s patient records are duplicates, costing an estimated $1,950 per patient and $800 per emergency department visit. It also found that a third of all denied claims resulted from inaccurate patient identification or information with the average cost to the hospital $1.5 million in 2017 and the healthcare system more than $6 billion annually.2

Aside from the threat of penalties from Cures Act enforcement, healthcare organizations are putting themselves in a position to complicate access to health information for patients and members, the very people interoperability and information rules intend to serve. Resultant deficiencies in patient matching deprive patients of their right to safe and effective care based on accurate and complete information. Furthermore, data-driven initiatives integral to improving patient experience, the health of populations, and the cost of care are unlikely to succeed.


Two practices essential to understanding the challenges of patient matching are underlinking and overlinking. Each has serious implications for compliance, safe, effective care, and even a healthcare organization’s reputation.

Underlinking is employed among healthcare organizations to avoid improper disclosures of protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) and, more importantly, the danger of confusing two patients’ records and creating errors in delivering care.

Generally speaking, it’s safer to underlink than overlink. Up until now, there’s never been liability for underlinking, but that is changing due to the new regulations. There are now consequences for underlinking — being guilty of information blocking, violating the mandate that you share all of the data you have on a patient via the Patient Access API requirement if you don’t link the data fully.

In the context of patient care and safety, underlinking is detrimental to the mission of ensuring that the right information is available at the right time at the point of care.

“With underlinking, you can see some of the examples of how that negatively impacts individuals. You only have to look at a few anecdotes — duplicative testing and unnecessary surgeries — to see negative impacts for people with complex conditions. There’s no real coordination of the data, which exists in all these different locations, let alone the care. It’s bad for the patient,” adds Courtney Timmons, Director of Market Strategy, LexisNexis Risk Solutions.

Healthcare industry trends exacerbate the problem. First, patients are seeking care at disparate healthcare facilities — minute clinics, urgent care centers, even virtual care solutions — making a complete picture of a person’s health increasingly difficult to assemble. Second, industry consolidation of provider and payer organizations through mergers and acquisitions means new data is being integrated into existing systems, further complicating efforts to transfer and ingest patient data. Third, new entrants to the healthcare industry with digital-first technologies mean new data sources and more data errors. Finally, the 21st Century Cures Act is likely to expose vulnerabilities in collecting and maintaining complete and accurate patient information.


One solution providers and payers rely on is probabilistic patient matching algorithms within their Master Patient Index (MPI) and Master Member Index (MMI) solutions – but this data is limited.

The limit of probabilistic matching is not that the algorithms are bad, but that the hospital only has the data they have. 99% of the entities in healthcare today do not use external data. It is very rare.

Even for organizations with high levels of accuracy with patient matching, the increased value of data exchange will expose the inability to accurately coordinate identities and records at scale.3

What’s more, focusing solely on compliance runs counter to the spirit of robust information exchange and the moral imperative to deliver care to patients that leads to better outcomes and reduced risks.

“It’s going to be essential — not just from a regulatory perspective, but also from a health and safety of the patient perspective — to be able to take in this data in real time and make decisions with confidence that the accuracy is there and that you’ve done the matching necessary to provide adequate and accurate patient care,” Timmons explained.


Health IT leaders across the industry recognize patient matching to be a common, ongoing problem. A major factor is the populations served by these institutions and the challenges of aligning administrative and clinical staff to ensure accurate information collection and duplicate record remediation. Provider organizations clearly recognize the challenge of addressing patient matching, but they struggle to make the case to the C-suite that patient matching should be a top priority.

LexisNexis Risk Solutions convened a roundtable in May 2021 of healthcare executive members from the College of Healthcare Information Management Executives (CHIME). “The task of IT is to try to read the tea leaves of what is going to happen on the business side in order to prep our systems. But the organization will probably only be receptive to a lot of IT efforts when they start feeling the pinch of either those penalties and so on,” one CIO we spoke to emphasized.

Even when pressed on the subject of potential penalties for complying with information blocking provisions of the 21st Century Cures Act, healthcare CIOs find themselves between a rock and a hard place.

“Damned if you do, damned if you don’t type of structure,” the CIO from a large midwestern health system told us. “I can be more aggressive in my matching, then I perhaps risk a HIPAA issue. I can be less aggressive in my matching, and then I risk being accused of violating the 21st Century Cures Act.”

Knowing that patient data will be coming from other institutions has IT leaders on edge.

“I am more aware of the risks. I had not taken into consideration the other aspect with patient matching, and with the Cures Act, we have to be cautious of the information being sent out. It was always about the information being pulled in that we thought about,” a medical director of informatics and outcomes from a Michigan health system admitted.

Without a clear solution to remedy these patient matching problems, healthcare executives find themselves in the position of hoping federal authorities will go easy on them. While there are numerous exceptions for the information blocking requirement that could provide some level of protection, patients will continue to suffer from the results of bad data. What’s more, federal officials will be providing more specifics for CMPs or other consequences for providers that fall short of ensuring convenient and secure access to health information.


Policymakers and industry experts have repeatedly called for the creation of a national identifier to solve the patient matching problem — a seemingly simple solution. Social Security numbers (SSNs) have often been used as a unique identifier for health care. U.S. law, however, prohibits the Department of Health and Human Services (HHS) from using its funds to create a unique patient identifier without approval from Congress, and that does not appear to be happening soon.

Even so, an NPI may not fully resolve the patient matching problem. Establishing a health identifier for all patients would be expensive, and as the military has shown, such identifiers have proven insufficient as well. The armed forces and veterans have military identifiers, but there continue to be patient matching issues, especially with private sector providers when those identifiers are not recorded.4

The healthcare industry might take a cue from the outside; in the past five years, technology using third-party data from multiple sources such as credit bureaus, insurance records, motor vehicle registration, and mobile devices has evolved exponentially. Referred to as referential matching, it offers absolute patient match data and ensures patient safety and regulatory compliance. 

Important features of such a solution include:

  • Being non-SSN dependent, to mitigate risk of exposing a patient’s personal data
  • Compiling data from federal, state, and county public records. As opposed to probabilistic matching, referential matching sees through sparse data, errors (e.g., partial or incorrect information), and time (e.g., when demographic data changes, even names and addresses) while being able to match by exclusion (i.e., no fuzzy alternatives)

At LexisNexis Risk Solutions, we used referential matching to develop our LexID. The difference is the number of sources, not just the number of rows of data we have, resulting in far more accurate matches than any probabilistic algorithm.

Referential matching technology works on top of existing EMPI, MDM, and EHR systems, requiring no replacement of these systems. And users can leverage the technology in multiple places within their workflow.

In another use case, referential matching can be used as a trusted resource to tackle patient matching cases that are too complicated for staff to make heuristic decisions about. Organizations have a queue, a list of hard ones, and send those out to confirm data matches. 

The results are impressive. For example, we’ve worked with one health system that had acquired multiple physician practices and amassed over one million patients across six different EHRs. It was essential for them to accurately match these records for patient safety and enterprise analytics initiatives.

By layering the organization’s EMPI with LexID, they were able to match 97 percent of unmatched records, taking them from over one million to just over 700,000 unique patient records, avoiding use of duplicate records and resulting in a more accurate view of their patient populations.


As the liability related to patient matching increases, healthcare organizations would be wise to move from predictive matching to reference matching. 

For payers, the race of the last 12–18 months to be compliant with the patient access API mirrors the race of the last 12–18 months for providers to get ready for information blocking. In both cases, now that the organization is ready to be compliant, addressing deficiencies in patient matching is the next priority for many organizations.  

Healthcare is in transition. Patients are being given unprecedented access to their health information, and they deserve information that is complete and accurate. While compliance may be the stick that drives providers and payers, meeting the health needs of individuals is what matters most to patients. What’s more, the ability to support data-driven innovation relies on access to high-quality and timely information. With the future of healthcare largely to be driven by healthcare consumerism, healthcare organizations cannot afford to overlook the value and importance of accurate patient data.


1 PEW, “Enhanced Patient Matching Is Critical to Achieving Full Promise of Digital Health Records” (2018) 

2 Black Book Research, “Improving Provider Interoperability Congruently Increasing Patient Record Error Rates, Black Book Survey” (2018)

3 eHI webinar, “Innovative Solutions to Patient Matching and Identity Access Management” (2021)

4 RAND Corp, Susan D. Hosek and Susan G. Straus, “Patient Privacy, Consent, and Identity Management in Health Information Exchange: Issues for the Military Health System” (2013)
