Report on ONC’s Working Session on Patient Identity and Matching

Noam H. Arzt, Ph.D.On Monday, August 31, I attended the final Working Session on Patient Identity and Matching. This virtual event was hosted by the Office of the National Coordinator for Health IT (ONC). This Working Session was a followup to an earlier session back in June 2020.

The event last week had over 300 attendees and covered a wide range of topics and technologies related to patient identity and matching. These ONC Working Sessions are being driven by requirements that are part of the 21st Century Cures Act as well as a Congressional request from December 2019 to continue to "...evaluate the effectiveness of current [patient identity and matching] methods and recommend actions that increase the likelihood of an accurate match of patients to their health care data." Much of the focus of this study has been on whether a national patient identifier should be implemented in the US.

The program began promptly at 9:30am Eastern Time, too early for me (on the West Coast) to make the first two presentations (I have complained to ONC about this scheduling insensitivity before). The recording Working Session has not yet been published, so I was unable to go back and listen to the presentations that I missed. The presentations were quick - most ten to twenty minutes long - with no time for questions.

There was also an active public chat where members of the audience held a dialogue that some speakers were able to react to and incorporate into their presentations. I do not believe that the slides will be made available (outside of the recording which will be published) likely due to federal Health and Human Services (HHS) document clearance requirements which require stringent review and approval both for content and Americans with Disabilities Act (ADA) compliance for those individuals who require accommodation to view the material.

The sessions themselves varied widely. Some were a rehash of common barriers, problems, and opportunities in patient matching. Some were focused on specific vendor solutions or strategies. There were sessions on open standards like OAuth, and a lot of emphasis on patient-centered solutions and so-called Self-sovereign Identity (SSI). There was an ample amount of discussion surrounding a national patient identifier, but the overall program did not seem as obsessed with this topic as it was during the previous session back in June.

I did have a few favorites among the presenters:

  • There was a nice presentation by Jeremy Grant representing FIDO, an open industry alliance focused on authentication. Members of the FIDO Alliance use public-key encryption (PKI) instead of traditional passwords implemented in easy-to-use ways on patient's personal devices. I liked their model of security versus usability (see diagram) and their positioning of FIDO standards in a more aspirational position compared to password and two-factor authentication.
  • There was a great presentation by Norm Adams, PhD, and Ryan Hess from Surescripts who detailed their large, master patient index (MPI) which is used to support their pharmacy services. They said that Surescripts has more than 300 million patients in the MPI and gave details about their approach: a proprietary probabilistic algorithm supplemented by referential matching. They offered strong advice based on their lessons learned.
  • There was a nice presentation by John R. Talburt and Daniel Pullen from Noetic Partners about an "ideal" patient matching solution. What stood out to me was their strong advocacy for transparency in matching algorithms - no vendor-provided "black boxes" that left the methods a mystery. They argued that transparency was essential for proper measurement and quality assurance. But how do you balance transparency with proprietary interests? Perhaps this is where open source solutions might play a key role. They also spoke very candidly and realistically about the limitations of clerical review of suspected matches.
  • Our friend Shaun Grannis from the Regenstrief Institute came forward to point out that the most looming issue is not related to technical solutions for patient identity and matching but the need to overcome our lack of a national strategy (see this article that I wrote for Medical Research Archives on just this point).

Patient identity and matching is a complicated issue and it won't go away quickly. On the one hand, ONC recognizes the myriad of perspectives by hosting sessions like this workshop. On the other hand, the primary issue still seems to be cast in a "do we do a national patient identifier or not" choice. In the past I have resisted expressing a strong opinion about this, but it seems to me the more I hear the less likely the US healthcare has the collective ability or citizen support for such an implementation.

The additional interoperability requirements of mental health, current disasters such as the COVID-19 pandemic, Western wildfires, and Atlantic hurricanes, as well as data exchange requirements across domain areas (like social services, education, and criminal justice) only increase the complexity and touch additional policy and legal areas. While the legal and policy framework in some domains has a federal backdrop (such as HIPAA in health and FERPA in education), data sharing laws differ widely from jurisdiction to jurisdiction. Some view this as an obstacle to interoperability; some view this as necessary protection of patients'/citizens' right to privacy which might have local perspectives.

Comments were due to ONC on US patient identity and matching strategy by September 4, 2020, in anticipation of an upcoming report to Congress.