Patient Identity and Patient Record Matching


September 4, 2020

Thank you, ONC, for the opportunity you gave me to speak in June. Also, thank you for the format of your August meeting where the Zoom chat feature offered a wonderful venue for an inclusive commentary and discussion as the talks were happening. Beats lining up at the microphone any day.

Here is a brief recap of my suggestions, in no particular order:

  • Patient identity is not different from human identity. Working on healthcare-specific solutions is not only expensive, but also ineffective. As some of your speakers made clear, the economic value of patient ID requires access to social determinants of health, non-HIPAA wearables, social relationships, assisted living, and economic correlates. Access to these will not be covered by HIPAA so any solution that depends on HIPAA-derived federations, including the incumbent HIEs, is not going to work. The Surescripts approach, for example, may be surveilling 315 million people already but it’s a dead end.
  • HIPAA does not provide a right to consent. Because HIPAA is not broad enough to drive the economic and social benefits of patient identity, a HIPAA-based solution cannot be effective in the long run. A national patient ID strategy must be based on consent. One way to introduce consent into the solution is to involve payer IDs. Although not everyone is insured yet, those who are have every reason to provide strongly validated identity voluntarily. Leveraging the near-universal consensus against surprise medical bills will align incentives even further.
  • TEFCA depends on patient identity on a scale that stresses probabilistic matching. As it stands, TEFCA is not guaranteed to succeed because it still depends on new regulation and enforcement. The incumbent state and vendor HIE interests have almost no economic reason to cooperate. Major integrated delivery networks invested in “Epic Everywhere” as a way to control local competition have no reason to help TEFCA dilute their expensive investment. To derive value and equity benefits from TEFCA, its governance strategy will need to be much more patient-focused than it is so far. The tendency for ONC to stand back and wait for Sequoia to do its thing will lead to failure. If ONC wants TEFCA to succeed, you will need to give consumers and economists the lead, with incumbent HIEs, hospitals, and vendors in an advisory role. Furthermore, all of TEFCA’s and Sequoia’s doings need to be in the open and subject to Federal transparency regs.
  • Regardless of the pace of insurance or health reform, our nation needs timely and accurate data to drive health policy and provide the resilience essential to dealing with public health emergencies. Research uses of health data can also be improved. Most of all, a remedy for the health access disparities unique to the US among rich nations will require patient trust and unprecedented transparency into how healthcare is delivered, to whom, and at what cost. As the disgusting lobbying over ending surprise medical bills has clearly shown, the majority of private and incumbent interests, including the AMA, have little regard for the social impact of their policies. Patient identity strategy is critical to providing the sunshine and driving the science we need to serve the interest of all Americans.
  • Self-Sovereign Identity (SSI) in the form of standardized decentralized identifiers (DIDs) is certainly going to be part of the patient ID solution because the alternative, federated identity (as in OpenID Connect), has already failed both in healthcare and other markets. The reason OpenID Connect has failed is inadequate privacy. Nobody wants “Sign In with Facebook” to mean that Facebook gets to track everywhere they sign in and that Facebook gets to cancel their account on a whim and have them lose control of the services that depend on the Facebook-controlled credentials. I am not aware of any successful consumer-level federation for single sign-on, in or out of healthcare, except for ATMs, which benefit from the huge homogeneity and deep regulation of banks. So, whatever overall strategy we go forward with in TEFCA and beyond, please consider that there is no current alternative to SSI for the patient ID components.


Adrian Gropper, MD

CTO, Patient Privacy Rights

Deborah C. Peel, MD

President and Founder, Patient Privacy Rights