By Mary Butler

Brandi Hunsaker, RHIT, HIMS EHR director at Banner Health, has spent over 20 years in the health information management profession. When she went to see her doctor prior to undergoing an outpatient procedure, her internal alarm bells went off when she noticed that the home address listed on a prescription print-off was not her own.

“I called my doctor’s office and I said, ‘I think my information has been overlaid with another patient in your office,’” Hunsaker says. When the person on the other end of the phone didn’t know what an overlay was, Hunsaker asked to speak to the office manager so she wouldn’t have to explain it again.

“I explained what I do for Banner Health. And I said, ‘Here’s what happened. I would like for you to please, instead of going into my record that you’re probably looking at right now and just updating the address to what I’m about to tell you it should be, please check and see if you can see the name history. Because I’m about to go and to have this procedure in two days, and I don’t want there to be any complications.”

When the office manager assured her that there was no further evidence of an overlay, Hunsaker tried to relax. Laughing—nervously—Hunsaker said, “OK, I’m going to trust you that nothing terrible is going to happen during my procedure.”

Due to her professional history of managing Banner Health’s enterprise master patient index (EMPI), Hunsaker knew exactly what could go wrong if someone else’s medical history was interspersed with her own. But this incident was a reminder that most patients don’t realize this is a scenario that HIM professionals work valiantly to prevent.

There are myriad ways providers work to prevent the intrusion of harmful medical mistakes in the care they deliver to patients. Physician offices and specialty clinics give patients lists of sound-alike medications to combat confusion between prescription drugs such as Celebrex and Celexa or Toradol and Tramadol.

It’s also a best practice for hospitals to survey patients after an inpatient stay to ask questions about whether their caregivers washed their hands or changed gloves between patients. And, since 2007, as part of its National Patient Safety Goals, the Joint Commission has required that healthcare organizations encourage patients’ active involvement in their own care as a patient safety strategy.

At the same time, patient safety experts caution against leaning too hard on patients to report errors or unsafe conditions when they witness them. An analysis of studies by the Agency for Healthcare Research and Quality (AHRQ) found that engaging patients in medical error prevention “risks simply shifting the responsibility for safety from providers and institutions to patients themselves.”1

HIM professionals who work closely with patient identity and on EMPI management are all-too-familiar with patient safety events that can arise from patient identity mismatches and poor data collection, and many of them report a persistent belief that if patients knew more about the risks then they would be less guarded about sharing additional identifiers with registrars during the intake process.

For example, people readily understand that when surgeons use a marker to put an X on the body part where they’ll be performing surgery, they’re doing so for the patient’s own safety, says Rebecca Way, RHIA, director of revenue cycle and business operations for Northwell Health.

“When I’m about to get on a plane and they say, ‘We need to have a mechanic come on and look at something,’ we don’t second guess that. We say, ‘OK,’” she explains. “I think we, as patients, need to understand what we’re really being asked and why it’s being asked of us, and then I think it would be easier to say, ‘Oh, sure. I understand now.’”

There are myriad ways providers work to prevent the intrusion of harmful medical mistakes in the care they deliver to patients.

As Way is quick to note, identity, by nature is deeply personal and so are the questions that surround it. While the collection of basic demographic data may feel mundane to the staff members typing it in, it might not feel that way to the worried parent of a sick child.

The good news is that consumers are more open to identity verification now than they used to be.
“I was just telling someone last week that every time I log into my bank to check my account and pay a bill, or I go download a song, I’m going through multiple validations to confirm my identity. And yet, we don’t even do a two-factor authentication when we’re treating patients,” Way says.

She notes that since patients are already being asked to jump through multiple hoops to verify their identity in other aspects of their online lives, it’s logical to believe they’d be willing to do so when they go to the doctor or log in to view their patient portal.

“I kind of feel like right now is a perfect time because we’re all doing that everywhere already,” Way says. “There’s such awareness on identity theft and fraud that in the digital world right now, I don’t think young people would even think twice about continuing to give information,” she adds.

Way oversees a team that follows up with patients individually when they identify mismatched information in Northwell’s patient portal, FollowMyHealth. Way’s team members have found that patients are much more forthcoming with identifiers over the phone versus during an in-person encounter.

“These patients are much more precise in a portal setting than when they’re sitting at a registrar’s desk. Patients tend to say, ‘Oh, I don’t have a phone,’ or, ‘I don’t have an email,’ when they’re sitting in an office,” Way explains. “In the doctor’s office you don’t want to stand around and fill out five pages of information, so you shorten everything. But when you’re sitting at home online trying to join the portal, you tend to give more information or different information.”

In healthcare organizations across the country, HIM professionals are actively engaged in empowering patients to own their health data and take responsibility for it. But duplicate records still proliferate and patient safety events tied to identity mismatches are still cause for alarm.

To get a better sense of what is and is not working and to get ideas on new ways to involve patients in identity management, the Journal of AHIMA asked HIM professionals closely involved with data integrity and EMPI management what they wished patients knew, as well as for their ideas on bringing patients into the verification process.

These individuals also shared some strategies for reconfiguring electronic health records (EHRs) to capture sexual orientation and gender identity (SO/GI) data, tips for thoughtfully integrating biometric devices into identity verification workflows, and ideas for tweaking the scripts that registrars and front-office staff employ when checking patients into electronic systems.

Sexual Orientation and Gender Identity Data Capture

According to the Institute of Medicine’s landmark report Crossing the Quality Chasm, patient-centered care helps foster a culture of safety. It defines patient-centered care as care that is “respectful of and responsive to individual patient preferences, needs, and values and ensures that patient values guide all clinical decisions.”

This mandate presents a challenge and an opportunity to healthcare systems and HIM departments tasked with ensuring the integrity of demographic data collected for the LGBTQ patient population.

Although the US Department of Health and Human Services (HHS) published rules in 2015 requiring that EHRs certified by the Centers for Medicare and Medicaid Services’ Meaningful Use EHR Incentive Program must include fields for SO/GI data, compliant systems and the sensitivity training that’s crucial to successfully using the SO/GI fields haven’t seen widespread adoption.

In a poll conducted at a session during AHIMA19: Health Data and Information Conference, only 46 percent of respondents surveyed said their organizations were capturing SO/GI data.

EHRs that don’t adequately capture data such as legal name, preferred name, preferred pronouns, legal sex, sexual orientation, gender identity, and sex assigned at birth puts patients at risk for identity mismatches and record overlays. As a result, physicians may not be able to view their patient’s entire medical history, which could lead to redundant tests, overlooked drug allergies, or use terminology that insults or alienates the patient.

Chris Grasso, MPH, associate vice president for informatics and data services at the Fenway Institute, says a typical example of how this might happen is a transgender patient who changes their legal name and gender and asks their primary care physician’s office to update their information there, but that information isn’t carried over to the hospital where they receive specialty care.

“There’s different reasons that people may decide to change it [their gender] in one area and not in other areas. And that’s one of the things that we’ve been really interested in actually working on, especially around some of the claims forms,” Grasso says. “Because so many of the algorithms that insurance providers use to either approve or reject a claim is oftentimes based on gender and not a person’s body parts…these patients have a much higher risk of being mismatched in an EHR system.”
Unfortunately, the burden of helping providers sort out their records and assuring their own physical safety too often falls on the patient in these cases—which is exactly the scenario AHRQ warned against when it said engaging patients in error prevention risked shifting the burden away from providers and onto the patient.

“It’s important for providers to help patients understand that their interests are aligned in terms of helping them prevent a lot of downstream headaches. But I do think it’s a lot of work,” Grasso says, for the providers and the patients. “If somebody decides to change their legal name and gender on their driver’s license and birth certificates it is a lot of work to change it everywhere. And a lot of times providers ask for documentation to prove it’s been changed.”

Way’s organization, Northwell Health, which serves the New York City and Long Island metropolitan areas, went live with its EHR’s updated SO/GI modules over a year ago, and it’s already made a huge difference for the system’s LGBTQ patients.

Prior to the SO/GI data field updates, Way’s team was spending a lot of time merging duplicate records and dealing with concerns from patients who would walk into their doctor’s office only to be called by a name they no longer used.

“I would get calls constantly from our main physician who works with those individuals going through the [gender transition] process and he expressed how frustrating it was for him and his patients,” Way says. Thankfully, this issue has improved since the update.

The Fenway Institute, where Grasso works, has created an extensive trove of materials designed to help providers sensitively roll out SO/GI-compliant platforms.

“We have actually developed very short tutorial videos that people can use as part of their training with their staff. These three-minute videos walk people through a bad interaction and a good interaction, and we also have lots of pamphlets and other documentation that people can download for free,” Grasso says.

Making Biometrics Patient-Friendly

In the absence of a unique patient identifier (UPI) and broad adoption of interoperable EHRs, many healthcare organizations are turning to biometric devices, such as palm vein, retina, and facial recognition scanners, as well as photographs of patients to improve the accuracy of their patient matches. Each of these technologies have their own set of pros and cons, but there’s research to suggest that they’re popular with patients.

According to a 2018 report from the Pew Charitable Trusts, “patients interviewed in focus groups overwhelmingly preferred the use of a unique identifier to improve patient matching, with very few individuals expressing reluctance. Participants said that a unique identifier would decrease medical mistakes, give clinicians a more complete picture of their health, and be more secure than demographic data.”2

Patient comfort levels with biometrics, according to the researchers, stem from the fact that these methods are deeply embedded in the habits of individuals who are already using facial recognition and thumbprints to unlock their cell phones and other devices.

Lorraine Possanza, DPM, JD, MBE, program director, Partnership for Health IT Patient Safety at the ECRI Institute, a nonprofit organization that focuses on patient safety, says one provider organization she worked with successfully reduced its duplicate record rates by 50 percent thanks to palm vein scanners.

This organization was very deliberate in where and how they deployed the technology, though. First, the provider looked at all the different locations where patients registered when they arrived at the facility and tried to reduce the number of access points so that patients only had to register at one point.

Then they made sure that registrars gathered the same information from patients, in the same manner, at every point and kept their explanations about the palm vein scanners consistent. The only pushback this particular provider received was from its own infection control department, which was concerned about asking patients to touch the same surface repeatedly.

Grant Landsbach, RHIA, CHDA, MSHA, system manager, data governance and interoperability, at SCL Health in Colorado, who has considered several biometric strategies, has found some drawbacks to palm vein scanning systems, including the need for large databases and complicated interfaces to support it.

“What we are starting to implement is the regular practice of taking a patient’s photo at regular intervals in some of the situations where they’re coming into the hospital. But, of course, that’s completely at their discretion,” Landsbach says.

“Then we do scan their IDs, and that means their insurance card and their driver’s license, which is pretty standard in any healthcare setting these days. In the ER, of course, we don’t do that until they’re admitted. But we’re not experts on this yet.”

Patients aren’t eager to have their photos taken when they’re very sick. These are preferences Landsbach and his team are still working through.

“I think there is a barrier with that that maybe other biometrics wouldn’t have,” Landsbach says. “There are some patients for whom photographs aren’t their thing. Now, we do have some settings, like alcohol and drug rehabilitation and some psych and behavioral settings that use pictures too. If a patient is in a mental hold or in something like that, those pictures are taken for their safety and they’re included in their general consents.”

What Patients Need to Know

While more patients are aware than ever of the role they play in helping providers avoid medical mistakes, many only notice the burdens placed on them to mitigate safety issues—such as repeated requests to verify their name and date of birth. Patients understand that their wristbands are supposed to help nurses and doctors identify them, and that barcode scanning helps ensure that medications they receive during inpatient stays are going to the right person.

But in most healthcare access points, there isn’t signage or brochures set out to remind them why it’s important to be thorough and forthcoming when they’re asked for registration information.
Northwell’s Way says there are many situations that have her wishing, “If patients only knew.” For example, she would love to see brochures or flyers that provide “know before you go” information to patients about the forms of ID they should take with them when they go to the doctor.

“I feel like we have a window of opportunity right now where there’s so much awareness for people—not just patients—about keeping their identities secure. I think that if they could see a flyer that tells them the importance of keeping their information accurate, then they would give us as much information as possible. I don’t know how deep a flyer needs to be—it wouldn’t have to explain overlays, but you could have photos of two different people with the same name, for example,” Way says.

Way and other HIM professionals have a shared frustration when it comes to ways parents sometimes choose to name twins and triplets. It’s trendy and surprisingly common for parents to choose names that rhyme—or give their kids the same first names but different middle names.

While this can create nightmares in a huge EMPI, there’s broad acceptance in the profession that this is something outside of their control. Still, Way has seen instances of twin overlays that have taken months to sort out.

This is definitely a situation where SCL Health’s Landsbach finds himself thinking, “If patients only knew.”

“If you’re the parents of twins, I mean, just saying to the registrar at the beginning of an encounter, ‘Actually, I have two daughters and they’re twins, I just want to make sure you’ve got the right one.’ Obviously, that would go very far because it would slow everybody down.”

  1. Agency for Healthcare Research and Quality. “Patient Engagement and Safety.” September 2019.
  2. The Pew Charitable Trusts. “Enhanced Patient Matching Is Critical to Achieving Full Promise of Digital Health Records.” October 2, 2018.


Mary Butler ( is senior editor at the Journal of AHIMA.


New AHIMA Resources Centered on Patient Identification and Matching

Patient identification and matching (PIM) errors remain one of healthcare’s most systemic problems, but one of the most powerful characteristics of the healthcare community is our ability to come together as fierce advocates and bold thinkers to meet challenges with empathy, creativity, and intelligence.

AHIMA recognizes that eliminating PIM errors is essential to achieve healthcare’s primary goals—enhanced patient safety, advanced interoperability, and improved patient outcomes.

Visit our PIM page at the Journal of AHIMA to explore the opportunities and challenges of this issue: the arguments for and against the creation of a unique patient identifier, measuring the sustainability of current PIM methods, exploring the work of advocates and government to solve patient misidentification, and highlighting proven use cases that HIM teams can adapt and apply in their own healthcare settings.

Bookmark this page as a navigable resource for PIM-related articles, events, and other resources from across the organization and the HIM community:


Continuing Education Quiz

Review quiz questions and take the quiz based on this article, available online.

  • Quiz ID: Q2019105
  • Expiration Date: May 1, 2021
  • HIM Domain Area: Clinical Data Management