Privacy and security solutions for interoperable health exchange information

Abstract

As electronic health information exchange becomes more prevalent, the accurate and efficient matching of patients to their health records will become a greater and more pressing priority. Incorrect matching can result in misinformation and medical error and can compromise privacy and security if patient information is inappropriately disclosed. No standardized process to evaluate matching approaches currently exists, and only limited information is available about the performance of operational matching systems. The lack of a standardized method for matching is compounded by challenges such as patient information that is out of date or incorrectly recorded, the sharing of identifiers, and identity traits that are too common to allow an unequivocal match of records.

To address these challenges, the health care industry has proposed and pursued a number of approaches to patient matching, including deterministic (rules-based) matching, probabilistic (statistical) matching, biometrics (such as fingerprints or retinal scans), and the use of a unique patient identifier (UPI). Each of these approaches presents technical, logistical, and policy benefits, as well as concerns. Multiple factors may influence the development and implementation of matching solutions at the local or nationwide level, including adaptability, accuracy, scalability, sustainability, and privacy and security. Improved matching solutions should also include transparent evaluation, documentation, and dissemination. Successful matching of patients to their records requires research and input from both policy and technical experts.