Patient Identity Integrity White Paper

Read about the variables impacting patient identity integrity and the suggested recommendations for mitigating these challenges.

Patient identity integrity is the accuracy and completeness of data attached to or associated with an individual patient. It includes the accurate identification of the patient and the linking of all related information to that individual within and across systems. 

This paper discusses the holistic process for matching records for one individual. It identifies the complex issues related to patient identity integrity as well as the critical business processes that must be in place to support and maintain the integrity of the data for quality of care, patient safety and cost management.

Read an Excerpt: 


In June 2008, the HIMSS Privacy and Security Steering Committee created a Patient Identity Integrity (PI Integrity) Work Group composed of volunteer industry experts to address concerns raised from a variety of industry sources about the need for guidance in understanding the complex issues surrounding PI Integrity.[1] 

PI Integrity is the accuracy and completeness of data attached to or associated with an individual patient.  Data must be reliable, reproducible, and sufficiently extensive for matching purposes. Completeness refers not only to having adequate data elements present but also the correct pairing or linking of all existing records for that individual within and across information systems. PI Integrity is of central importance to achieving quality of care, patient safety, and cost control. 

While it is relatively easy to see the implications of PI Integrity on quality, safety, and cost, it is far more difficult to grasp the complexity of maintaining identity integrity in the real operational environment.  To solve the problem of assuring a state of high quality PI Integrity, one must look at the entire process of patient identity management (PIM). The PI Integrity Work Group identified nine variables that influence, in varying degrees, our ability to build and sustain a database in a high state of identity integrity.  These key influencers are: industry standards, interfaces, algorithms, unique identifiers, business processes, data accuracy, data quality, training, and medical devices. 

This paper discusses each variable at a high level and its impact on PI Integrity.  Due to the complexity of detail, this paper does not provide an in-depth discussion of each variable; rather it seeks to offer sufficient understanding to provide professionals with a sound basis for planning and decision-making.  References are cited in the document for those seeking more in-depth information, along with a select bibliography at the end.  Barriers and specific recommendations are discussed in each section. 

Specifically excluded from the scope of this paper are the topics of provider identity and user identification, authentication, and authorization for system access.  Initial discussions within the HIMSS Work Group uncovered confusion between these topics and PI Integrity.  When people speak of privacy and security, they first go to the technical concepts of identification, authentication, and authorization for system access and how they are supported by the system.  This paper does not deal with these issues.  This paper deals with the holistic process for matching records for one individual person within and across multiple systems.  It begins to address the challenges of overlapping concepts, shared terminology and limited understanding and misunderstanding of the scope of PI Integrity. 

Description of Problem

The ultimate goal is the accurate identification of the patient and linking of all related information to that individual within and across systems.  Linking the wrong clinical information to a person can not only cause great personal harm to the patient, but can also incur huge costs to the healthcare provider in correcting and mitigating the error.  Incorrect information impacts patient safety and compromises quality of care.  Good clinical decisions based on bad data become bad clinical outcomes.  For example, the wrong patient who received the wrong lens implant must undergo a second procedure to correct it.  A third procedure is performed on the correct patient who never got the procedure due to the identity error. In addition to the obvious negative impact on the patient, providers are also negatively impacted in that they must absorb the costs of correcting their mistakes.  Also, there are potentially substantial legal costs that could damage the reputation of the institution based on bad clinical outcomes.

The healthcare industry is moving aggressively to expand the use of electronic health records (EHRs), electronic medical records (EMRs), personal health records (PHRs), and health information exchanges (HIEs). Recent legislation creates new financial and regulatory incentives for increased use by physician practices and HIEs.  As health IT makes deeper inroads into the healthcare community (President Obama’s call for an EHR for everyone by the year 2014), and HIEs and the Nationwide Health Information Network (NHIN) ramp up to connect information locally, regionally, and nationally, PI Integrity becomes a critical issue that must be understood and addressed.  A local system with a poorly maintained or “dirty” master person index (MPI) will only proliferate and contaminate all of the other systems to which it links.  These events have brought PI Integrity to the forefront because of its critical importance to the successful implementation of these information systems.  HIEs magnify the problem for several reasons: (a) they do not have control of the patient identity data capture process, (b) they receive data from many different provider MPIs and the data fields being sent to the HIE are frequently not consistent and (c) they do not control the interfaces coming into the HIE’s database.  Since a major portion of the activities of an HIE involve the exchange of clinical information between independent (and therefore heterogeneous) entities, these issues create significant additional stress on the HIE’s ability to effectively maintain their system with high data integrity.

Without identity integrity, information pertaining to one individual may exist in one or multiple databases where it resides as a “duplicate,” inaccessible or unknown to those needing to see the complete or most current picture.  Conversely, information on two individuals may be combined erroneously into one record; this is called an “overlay.” These conditions are common symptoms of poor (or lack of) data management and can result in:

  • uninformed or marginalized clinical decision-making that impacts quality outcomes and patient safety;
  • poor utilization of healthcare resources leading to repeated tests or procedures due to lack of access to existing reports or results;
  • inability to drop a bill to collect payment or missed billing opportunities when lab results are posted to an old account or wrong account; and,
  • manipulation of the system for illegal purposes such as drug seekers, drug diversion or medical identity theft, to name a few.  

Because of the enormous impact that PI Integrity has on the clinical, financial, and administrative business of healthcare, it is imperative that the quality of an organization’s identity integrity be addressed prior to sharing data externally with other stakeholders.