The Futility of Patient Matching


The original sin of health records interoperability was the loss of consent in HIPAA. In 2000, when HIPAA (Health Insurance Portability and Accountability Act) first became law, the Internet was hardly a thing in healthcare. The Nationwide Health Information Network (NHIN) was not a thing until 2004. 2009 brought us the HITECH Act and Meaningful Use, and 2016 brought the 21st Century Cures Act with “information blocking” as clear evidence of bipartisan frustration. Cures, in 2018, begat TEFCA, the draft Trusted Exchange Framework and Common Agreement. The next update to the draft TEFCA is expected before 2019, which is also the year that Meaningful Use Stage 3 goes into effect.

Over nearly two decades of intense computing growth, the one thing that has remained constant in healthcare interoperability is a strategy built on keeping patient consent out of the solution space. The 2018 TEFCA draft is still designed around HIPAA and ongoing legislative activity in Washington seeks further erosion of patient consent through the elimination of the 42CFR Part 2 protections that currently apply to sensitive health data like behavioral health.

The futility of patient matching without consent parallels the futility of large-scale interoperability without consent. The lack of progress in patient matching was most recently chronicled by Pew through a survey and a Pew-funded RAND report. The Pew survey was extensive and the references cite the significant prior efforts including a 100-expert review by ONC in 2014 and the $1 million CHIME challenge in 2017 that was suspended – clear evidence of futility.

Pew’s chronicle of futility is capped by a 2-hour panel discussion designed to highlight innovations in patient matching. Pew’s experts did not include privacy experts. Nobody was there to call patient matching what it really is: involuntary surveillance. The new idea in the Pew reports is “referential matching” where the surveillance system is enhanced with information about us from data brokers and credit bureaus. What could possibly go wrong, especially as we add artificial intelligence into the surveillance toolkit?

Why is healthcare the only industry with a person matching problem? The reason is partly historical. In the days before HITECH incentives and BIG EHRs, each hospital had dozens of proprietary software vendors, many of them with their own patient ID. Within a single hospital, patient consent was not an issue and probabilistic patient matching can work when the patient universe is a single hospital. As hospitals and practices began consolidating, probabilistic patient matching still made some sense because the governance was effectively a single entity and the number of patients was in the few millions. But regional or national interoperability is a very different ballgame. Governance is now spread across competitors and the universe of patients to match within is hundreds of millions.

The solution to patient matching and to interoperability is the same: patient-directed exchange. With the patient-directed exchange, patient matching is trivial and non-proprietary, consent is automatic by definition, and the costs of data brokerage are eliminated. Furthermore, the patient-directed exchange allows interoperability across 42CFR Part 2 behavioral health practices and includes community organizations and social services that are typically not covered by HIPAA. The quantity and the quality of patient data are both improved.

The next round of regulations from ONC will be a definition of information blocking and an updated version of TEFCA. Will this ONC continue to promote a strategy of involuntary surveillance by ever more powerful incumbents or will they finally allow patients to say: “Nothing about me without me”?

Adrian Gropper, MD is CTO of Patient Privacy Rights and leads the HIE of One project for patient-directed health information exchange.

5 replies »

  1. The quantity and the quality of patient data are both improved. Technology has always played a crucial role in healthcare innovation. For quality care solutions like patient referral management, chronic care management, and care management are vital for the industry.

  2. I could not agree with you more that service providers should not share or make copies of any data that they themselves did not originate. That’s obvious for a lab, a genome sequencer, an imaging center, but it should also be true for a surgical team or a specialty practice in a hospital. I might relax that to some extent for primary care practices where the physician is actively responsible for curating an aggregated health record, but even that has to be done with care to avoid prejudice.

    Both the standards and the software to do this are available for discussion and testing. The HIE of One Trustee project is an implementation of the Kantara UMA standard for an authorization server. It sits on top of the SMART on FHIR interfaces mandated for 2019 and enables each EHR or other service provider that adds UMA support to their EHR. This standard allows each service provider to post the information they are responsible for and each requesting party to aggregate some or all of that information on-demand, in real time, at the point of care. This architecture has many benefits beyond current EHR aggregation practice. Because it’s patient-centered and patient-owned, the UMA authorization server can provide UMA access to social determinants of health and 42CFR Part 2 sensitive data that would not be accessible in an EHR or HIPAA based regional HIE. The data clinicians request via UMA comes directly from the source and retains its full integrity without complex and often proprietary digital signature and provenance schemes.

    As we begin to implement the 21st Century Cures Act, UMA-based interoperability is the simplest and most scalable solution because it avoids patient matching and consent issues that seem to get ever more complex.
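The UMA flow the comment above describes, as an added example that is not part of the original comment or of the HIE of One code: each resource server registers what it holds with the patient's authorization server, and a requesting party trades a permission ticket for a token that the patient's policy either grants or refuses. It is an in-memory model with HTTP left out; the class names, `fetch`, and the use of a plain string for the requesting party (standing in for verified identity claims) are assumptions, and the sample records used with it are constructed.

```python
import secrets

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"  # UMA 2.0 grant type

class AuthorizationServer:
    """Toy in-memory stand-in for the patient's UMA authorization server."""
    def __init__(self):
        self.policies = set()  # (requesting_party, resource_id, scope) the patient allows
        self.tickets = {}      # permission ticket -> (resource_id, scope)
        self.rpts = {}         # requesting party token (RPT) -> (resource_id, scope)

    def register_resource(self, name):
        # A service provider posts what it holds; only an opaque id is kept here.
        return f"{name}-{secrets.token_hex(4)}"

    def permission_ticket(self, rid, scope):
        # Requested by a resource server for a client that arrived without a valid RPT.
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = (rid, scope)
        return ticket

    def token(self, grant_type, ticket, requesting_party):
        # Tickets are single use. requesting_party is assumed to be already verified.
        if grant_type != UMA_GRANT or ticket not in self.tickets:
            return None
        rid, scope = self.tickets.pop(ticket)
        if (requesting_party, rid, scope) not in self.policies:
            return None
        rpt = secrets.token_urlsafe(24)
        self.rpts[rpt] = (rid, scope)
        return rpt

class ResourceServer:
    """A lab, imaging center or EHR that serves only the data it originated."""
    def __init__(self, az, name, record):
        self.az, self.record = az, record
        self.rid = az.register_resource(name)

    def get(self, rpt=None):
        # Token introspection is reduced to a dictionary lookup here.
        if self.az.rpts.get(rpt) == (self.rid, "read"):
            return 200, self.record
        return 401, self.az.permission_ticket(self.rid, "read")

def fetch(az, rs, requesting_party):
    """Client side: tokenless request, swap the ticket for an RPT, retry."""
    _, ticket = rs.get()
    rpt = az.token(UMA_GRANT, ticket, requesting_party)
    return rs.get(rpt)[1] if rpt else None
```

`fetch(az, lab, "dr-a")` returns the lab's record only after the patient has added `("dr-a", lab.rid, "read")` to `az.policies`; a token issued for one resource server is rejected by every other.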

  3. A thought experiment: What if you looked at the inverse of interoperability, the opposite of interoperability: a situation where you could access no data except from what we have recently generated in that particular EHR that serves the hospital or hospital system that contemporaneously enrolls the patient?

    How much functionality would you lose?

    Maybe contemporaneous data is the only valid data? …because patient biology is so rapidly changing, so evanescent and volatile? Maybe we shouldn’t know that last month’s hemoglobin was 9.8? Maybe we shouldn’t know that the ground glass RUL infiltrate measured 3cm? Maybe, all in all, it is better to know and act on what we see today or thereabouts? Because we should not be distracted?

    But, of course, this is not the ideal solution. I agree with Adrian about the patient’s essential role in this matching process.

  4. One of the most important details under HIPAA was the provision for a person’s ability to define, other than for legitimate healthcare coordination, to whom their information could be released and most importantly to whom it could NOT be released without a court order. In my small group, private practice of @3,000 active persons (seen once in the prior 18 months), there were usually about 3-6 patients who would define a person/persons who could under no circumstances have access to the person’s status (even to disclose if they were or were not a patient). So, if you wonder why the mental health folks have been slow to adopt an EHR, now you and I both know why! This HIPAA status was defined by a special, loosely filed form for each independent person within the family (we used family charts). This made it accessible to the TRIAGE nurses (an R.N.) who answered the phone, since all of the charts were easily accessible behind the Triage “desk.” Strangely, we never had problems with EHR downtime accessibility for the 41 years of our active practice.

    Medical Record Privacy as an ethical standard for healthcare quality seems to be increasingly diminished without any awareness of its important contribution to a person’s autonomy and dignity. Shame on all of us!