Defining and Evaluating Patient-Empowered Approaches to Improving Record Matching

by Robert S. Rudin, Richard Hillestad, M. Susan Ridgely, Nabeel Shariq Qureshi, John S. Davis II, Shira H. Fischer

This Article

RAND Health Quarterly, 2019; 8(3):3


Despite widespread adoption of electronic health records and increasing exchange of health care data, the benefits of interoperability and health information technology have been hampered by the inability to reliably match patients and their records. The Pew Charitable Trusts contracted with the RAND Corporation to investigate “patient-empowered” approaches to record matching—solutions that have some additional, voluntary role for patients beyond simply supplying demographics to their health care providers—and to select a promising solution for further development and pilot testing. After extensive consultation with a variety of experts, researchers did not identify a “silver bullet” or achieve consensus on a single solution. Instead, this study recommends adopting a three-stage approach that aims to improve the quality of identity information, establish new smartphone app functionality to facilitate bidirectional exchange of identity information and health care data between patients and providers, and create advanced functionality to further improve value. The study also suggests that because the solution contains multiple components involving diverse stakeholders, a governance mechanism likely will be needed to provide leadership, track pilot tests, and evaluation, as well as to convene key stakeholders to build consensus where consensus is needed.

For more information, see RAND RR-2275-PCT at

Full Text

Despite widespread adoption of electronic health records (EHRs) and increasing exchange of health care data, the benefits of interoperability and health information technology have been hampered by the inability to reliably match patients and their records. A 2014 report by the Office of the National Coordinator for Health Information Technology (ONC) suggested that when providers exchange records with other providers, rates of record matching—defined as the process of identifying and linking medical records for the same patient across different data sources—can be as low as 50 percent. Other studies suggest that even with dedicated effort, these rates may not reach above 95 percent. Because of inadequate record matching, too often, some or all of a patient's medical data are not made available at the point of care or, more worrisome, incorrect patient data are used to make medical decisions. It is widely recognized that correct record matching is critical to prevent medical errors, avoid delays in care, facilitate informed medical decisionmaking, and reduce administrative burdens.

The Pew Charitable Trusts contracted with the RAND Corporation to investigate "patient-empowered" approaches to record matching—solutions that have some additional, voluntary role for patients beyond simply supplying demographics to their health care providers—and to select a promising solution for further development and pilot testing. (Other types of record matching solutions in which the patient does not have an added role exist and are the subject of other studies supported by Pew and conducted by other investigators. We did not compare patient-empowered approaches to other approaches.) This work occurred in two phases. In Phase 1, we identified possible solutions and criteria to evaluate them through literature searches, as well as interviews with subject matter experts (SMEs) and an expert panel, who provided feedback and helped us select a solution. In Phase 2, we further specified the selected solution and next steps by conducting additional interviews, targeted literature searches, and by meeting with the expert panel a second time.

While we did not identify a "silver bullet" solution, we did identify multiple patient-empowered approaches that may have potential—with further development—to improve record matching. Ultimately, we selected a three-stage solution in which patients can "verify" their mobile phone number and other identity attributes with their health care providers and use new smartphone app functionalities that enable bidirectional communication of identity and health information between patients and providers. We make recommendations for how to advance this solution through development and pilot tests.

Evaluation Criteria for Record Matching Solutions

Through analysis of literature and with expert input, we identified 11 evaluation criteria for making systematic comparisons of record matching solutions (criteria are neither independent of one another nor mutually exclusive):

  • Improvement in record matching if widely implemented
  • Patient control
  • Likelihood of adoption by patients
  • Likelihood of adoption by providers
  • Likelihood of adoption by vendors
  • Feasibility (of development, pilot testing, and implementation)
  • Minimal security risks
  • Sustainability (operational and financial)
  • Political viability
  • Potential to foster new uses of matched records
  • Low potential for unintended negative consequences

The large number of criteria reflects the complexity of the record matching design space and the potential need for nuanced tradeoffs. This complexity is also apparent in the ongoing challenges with record matching, the diverse potential solutions we identified, and the lack of clear consensus among experts on a favored solution.

Patient-Empowered Solutions to Record Matching

Through analysis of literature and with expert input, our study identified ten potential solutions that involve additional patient participation. Solutions involved a range of new patient activities, including supplying new or enhanced patient identity information to health care providers (which can be used in record matching processes); giving health care providers record location information or access to their aggregated medical records; and participating in verifying information to improve record matching. The ten potential patient-empowered solutions are:

  1. Implementing a voluntary universal identifier (VUID): A central organization issues identifiers but does not store protected health information (PHI); providers manage identifiers using hardware and software that is supplied by the central organization and interfaces with their existing systems.
  2. Using a public key as an identifier: Patients are issued a public key–private key pair and use the public key as identifier.
  3. Expanding the use of existing government-issued identifiers: Patients provide driver's license or other IDs, which are used with demographics for record matching.
  4. Adding knowledge-based identity information: Patients answer knowledge-based questions, which are used with demographics for record matching.
  5. Adding biometric data: Patients provide fingerprints, iris scans, or other biometrics, which are used along with demographics for record matching (multiple technical architectures are possible).
  6. Having patients verify identity information: Patients verify existing identity information such as mobile phone number through one-time passcodes sent by their provider.
  7. Using consumer-directed exchange: Patients collect their health information into one application and can access and share it with providers.
  8. Using health record banks (HRBs): Providers submit health records to a regional data repository that allows patient and provider access.
  9. Having patients manually verify record matches: Patients verify record matches or identify lack of matches through a user interface.
  10. Having patients supply record location information: Patients provide information on previous care locations that providers use to identify previous records.

While we were able to find extensive information regarding some of the proposed solutions, the available information for others consisted of overarching ideas or concepts that had not been fully developed. Solutions also ranged widely in important aspects such as type of data to be used for record matching, degree of patient involvement, and workflow changes that would be required of health care providers.

Evaluation of Identified Solutions

We encountered a number of challenges in applying the evaluation criteria and selecting a promising approach for further development and pilot testing. Some proposed solutions were based on general ideas and lacked important functional detail needed to define how they worked. Others were fully developed and had been pilot tested, but formal evaluation data were unavailable and/or the generalizability of evaluation results was questionable. Nevertheless, we were able to systematically apply our 11 evaluation criteria to our ten potential solutions and compare the relative strengths and limitations of the various solutions. No solution emerged as the "silver bullet," and some challenges were common across many solutions. We ultimately selected an approach that combines aspects of several of the solutions.

Our analysis found two core challenges to patient-empowered record matching solutions: (1) patients, in general, are unaware of record matching issues, or may believe that the health care system should fix the matching problem without their involvement, and (2) providers may be reluctant to make major changes in staff workflows, core business and administrative processes, and technology, even for the limited time required to pilot a solution. These challenges notwithstanding, we found that the appeal of some of the solutions is obvious, and yet their drawbacks are also evident. For example, biometrics-based approaches are surely convenient, but at the same time, fingerprints cannot be changed if they are compromised. Consumer-mediated exchange solutions (which we define to include HRBs and consumer-directed exchange) are ideal for promoting patient control, but they have questionable return on investment and thus may lack the business rationale necessary for widespread adoption. On balance, a reasonable argument could be made to further develop and pilot test most of the potential solutions we identified, and in fact, for many of the potential solutions, some experts claimed the benefits would exceed the costs.

As a result of our analysis, and in consultation with Pew staff and our expert panel, we selected for further development an approach to patient-empowered record matching that combines and enhances several of the potential record matching solutions we identified. In particular, we propose to involve patients in verifying their identity information (Solution 6); using smartphone apps to share government-issued identifiers with providers (Solution 3); using smartphone app credentials to log in to their patient portals, which may ultimately facilitate consumer-mediated exchange (Solution 7); and using smartphone apps to store and use an identifier similar to the one proposed as part of the HRB model (Solution 8). This approach involves developing multiple complementary functionalities that work together in a synergistic way and can be implemented in a stepwise fashion, with each successive stage offering incrementally greater potential for improving record matching. All of the proposed components are centered on the functionality afforded by mobile phones and smartphone apps. We chose this approach because it could:

  • leverage the widespread and increasing adoption of mobile phones and smartphones;
  • improve record matching because of improved data quality of identity information and use of attributes that have been verified;
  • leverage and integrate with providers' and health information networks' (HINs') existing record matching engines;
  • promote the use of a simplified check-in process at providers' front desks (thereby improving the likelihood of adoption by patients and providers); and
  • evolve to incorporate additional functionality to improve record matching and increase patient access to and control over their data.

However, we acknowledge that this approach also has some disadvantages, including the need to establish new technical specifications and new provider workflows, as well as the potential to exclude some patients (such as those who cannot afford smartphones or have difficulty using them) from benefiting from some components. While development and pilot work on this solution are feasible with modest resources, scaling the solution (or any patient-empowered record matching approach) may require an extensive effort of national scope.

Three-Stage Solution

Our solution takes a phased approach by starting with components that we anticipate would be easier to put in place. This solution aims to improve the quality of identity information used for record matching (Stage 1), establish new functionalities of smartphone apps (which may consist of apps that currently exist, such as those that currently support personal health records [PHRs], or newly developed apps) to facilitate transfer of this information to providers (Stage 2), and create advanced app functionality to further improve record matching and address our other evaluation criteria (e.g., likelihood of adoption, sustainability) (Stage 3). We describe this approach in terms of three stages that we believe are the most likely sequence for development and implementation, but it is possible that some components may be developed or implemented earlier or later than we describe relative to others (e.g., smartphone app functionalities for transferring identity information to providers may be developed before the concept of verified identifiers is established and implemented). See Table 1 for a summary of the key components.

Table 1. Three-Stage Solution to Patient Record Matching

Stage 1: Add Verified Patient Identity Information
  • Technical specifications for verified attributes are established
  • Workflows and best practices to verify attributes starting with mobile phone numbers are developed
  • Workflows and best practices to facilitate patient sign-up for existing patient portals are developed
Stage 2: Add Basic App Functionality
  • Technical specifications define APIs that enable bidirectional communication between a patient app and provider
  • Patient app can send identity information (including attributes verified by app)
  • App can return provider contact info and instructions to sign up for patient portal
  • Governance ensures apps are trusted
Stage 3: Add Advanced App Functionality
  • Apps can facilitate identity-proofing to increase number of verified fields
  • Credentials from app can be used to log in to patient portals, facilitating health data aggregation in app
  • Validated insurance information can be stored in app and transferred to provider with other identity attributes
  • Unique identifiers issued by HINs can be stored in app and transferred to provider with other identity attributes

The first stage introduces the concept of "verified" patient identity attributes, which would mean that the attribute had been confirmed by the patient. Such an attribute would be used by record matching engines along with existing attributes and would be weighted as more reliable because it was verified. This enhancement to identity information will improve the accuracy of record matching engines and would enable immediate use of verified mobile phone numbers, which are existing identifiers that have many good qualities for improving (but not perfecting) record matching: They are unique, they change infrequently, they are controlled by an existing international infrastructure, and patients have a strong incentive to avoid having their phone stolen or phone number compromised. This concept of verified attributes will require the development of technical specifications for verified data fields that assign a level of data quality to patient identity information.

The second stage provides basic functionality of a smartphone app that would transfer identity information (e.g., name, date of birth, address, government-issued identifiers) to health care providers, replacing paper clipboards for this information, and, in turn, facilitating the transfer of patient health data from patient portals into the app. Although each patient will likely use only a single smartphone app, in an ideal world we envision patients having multiple options from which to choose. In the third stage, advanced app functionalities would be developed to improve record matching and strengthen the value proposition for both patients and providers. Examples of such functionality include using an app to identity-proof patients, expanding existing efforts by HINs to issue unique identifiers to patients, which they can use through their smartphone apps, and allowing patients to log in to their patient portals using their smartphone app credentials. This work will require iterative testing to develop the functional requirements and specifications so that such apps are usable and useful, and may require a governance process to ensure apps are trusted by patients and providers.


We provide five recommendations, three of which advance our selected three-stage solution through development and pilot testing and two that would help to accelerate any and all efforts to improve record matching. For the first three recommendations, to support development, pilot testing, and evaluation of the components of the three-stage solution, a source of funding would be required to pay application designers, software developers, evaluators, and possibly other participants. To achieve widespread adoption, the technical specifications and best practices resulting from the development efforts we recommend would need to be widely and freely available, and so funding for them would most likely need to come from stakeholders dedicated to improving record matching broadly rather than those who expect to make a profit.

Recommendation 1

Develop technical specifications for verified data fields, develop best practices that allow health care providers to verify mobile phone numbers, and iteratively pilot test and refine the specifications and best practices to maximize feasibility and usability. In Stage 1 of our solution, the concept of a verified data field, especially applied to mobile phone numbers, can improve record matching rates by providing higher quality data for matching engines and metadata indicating the degree of quality (e.g., metadata that indicated a phone number was verified last week would suggest the phone number was more reliable than if it was verified five years ago or not at all). The technical specifications and best practices should be developed by a team of application designers and software developers and pilot tested with at least two participating provider organizations that share patients and use a matching engine. As feasibility is demonstrated, pilot testing with new types of providers in different settings and with patients would allow for further refinement and scaling up.

Recommendation 2

Develop application programming interfaces (APIs) and best practices for establishing bidirectional communication between a smartphone app and health care provider registration systems at the point of care, and iteratively pilot test and refine them. In Stage 2, development should assess the use of quick response (QR) codes or near-field communication (NFC) to allow a smartphone app to transfer identity information to health care providers and facilitate patient access to their health information through their patient portal accounts. As with Stage 1, this development work should be done by application designers and software developers and pilot tested with at least two participating provider organizations that share patients and use a matching engine. One or more smartphone app vendors would also need to participate. As feasibility is demonstrated, additional pilot testing with new types of providers in different settings and with patients will help further refinement. To facilitate widespread adoption, the API should not be proprietary.

Recommendation 3

Develop advanced app functionalities. In Stage 3, advanced smartphone app functionalities may include one or more of the following: establishing mechanisms to remotely identity-proof a patient from a smartphone app, allowing credentials that are associated with control of the phone to be used to log in to a patient portal, incorporating verified insurance information in an app, and using identifiers from "qualified" HINs (as defined under the Office of the National Coordinator's Trusted Exchange Framework and Common Agreement [TEFCA]). Other advanced app functionalities should also be considered to improve the value proposition for patients and providers. This work would be undertaken by application designers and software developers, but, depending on which functionalities are chosen and the development work required, other stakeholders (e.g., identity-proofing services, insurance companies, HINs) would have to be involved as well.

Recommendation 4

Establish or designate an organization to oversee national progress in record matching. An organization is needed to provide leadership, convene stakeholders, monitor and track progress, spread best practices, potentially help establish governance processes, and try to keep record matching on the agenda as a high priority for the public and for health system leaders. This organization could be a new or existing organization, and it could be public or private, but it should be recognized in some capacity by the federal government so as to provide legitimacy and promote transparency. The organization could be established by making a long-term commitment to this issue and convening key stakeholders or by being designated by the federal government. Its specific role should evolve over time according to the needs of ongoing record matching efforts and should not duplicate other organizations' capabilities (e.g., standards development).

Recommendation 5

Conduct more rigorous research into the nature and magnitude of record matching errors, and create methods for health care providers to objectively benchmark their record matching performance. Despite recognition of the importance of record matching, few studies have investigated its causes or measured matching rates, and health care providers do not report matching rates publicly. As a result, few patients are aware of the problem, which may, in turn, be depressing demand for a solution. Objective analyses of the financial and clinical burdens of record matching failures will increase the urgency of addressing this problem. More research into the causes of record matching error, development of methods for health care providers to benchmark their matching rates, and requirements to publicly report matching rates would help provide much-needed transparency and make the case for scaling solutions.


In this study, we identified a range of potential solutions to engage patients in record matching in a way that could address current matching failures, thereby strengthening interoperability and health information exchange (HIE). Although we have selected a three-stage solution and provide recommendations to further its development, this selection is not meant to discourage the development of other solutions we identified or those we did not discuss because they were outside the scope of this project. Indeed, we did not identify a patient-empowered "silver bullet" solution that would completely satisfy all of our identified evaluation criteria and produce perfect record matching—such a solution probably does not exist. Instead, engaging patients in solving the problem of inadequate record matching likely requires an array of solutions, each of which will address the problem to varying extents depending on the patient population, provider type, and care setting, as well as on provider workflow and other factors that will be identified only with real-world pilot testing and evaluation. Given high uncertainty as to the extent to which any specific solution can ultimately succeed in improving record matching, further investigation, development, and pilot testing of a range of solutions are warranted.

The research described in this article was funded by The Pew Charitable Trusts and conducted by RAND Health.

RAND Health Quarterly is produced by the RAND Corporation. ISSN 2162-8254.