When it comes to health data interoperability, everything begins with identity. If we can’t confirm who a patient is or who’s authorized to access their data, then every other piece of the healthcare system is compromised. It’s a challenge that’s persisted for decades, yet it remains one of the most overlooked. Until we solve identity-related disconnects, the future of health data exchange remains on shaky ground.
Let’s take a closer look at where identity breaks down today and how collaborative efforts – from legislation to voluntary standards – are building momentum for change.
Identity Isn’t One Challenge – It’s Two
Ask someone in healthcare what identity means, and they’ll likely think about patients. But verifying the people and organizations accessing that data – clinician and endpoint identity – is just as important.
On the patient identity front, we’re still experiencing the effects of a 1999 congressional ban that prevented federal funding for a unique patient identifier. The provision within the Labor-HHS appropriations legislation leaves hospitals and health systems to fend for themselves, using their own tools and logic to match records. This can result in inconsistency, duplication, and major risk for those providers.
On the provider side, we rely more on digital credentials and identity proofing, but even that varies depending on the exchange method. Direct Secure Messaging, query-based exchange, and newer approaches like Facilitated Fast Healthcare Interoperability Resources (FHIR) all come with different levels of trust – and often, different credentials. There’s no single, unified approach, which leaves room for gaps.
When Identity Fails, Patients Pay the Price
The impact of poor identity matching isn’t just technical – it’s deeply human. In one example, a mother’s record was mistakenly merged with that of a drug-seeking patient. When she arrived at the hospital to give birth, the staff alerted law enforcement based on false information. In another case, a father was told he had terminal cancer and only four months to live. Weeks later, he found out that the test results belonged to someone else. As terrible as that month was for him, the other family lost a month with their loved one before learning the truth.
Unfortunately, these are not isolated incidents. Every day, clinicians must make decisions based on incomplete or inaccurate records, causing patients to experience duplicate testing, delayed diagnoses, billing errors, and privacy breaches. Behind the scenes, health information managers are spending too much time reconciling records – often manually – just to safely deliver quality care.
The financial toll is just as serious. When patient identities don’t match, hospitals end up duplicating care and procedures – adding nearly $2,000 to every hospital stay and $1,700 to each emergency department visit. More than a third of denied insurance claims are tied to these errors, costing our healthcare system more than $6.7 billion a year.
A Legislative Path with Broad Support
To address patient identification and matching, AHIMA has taken a leading role in advocating for meaningful policy change. In March, bipartisan representatives reintroduced the MATCH IT Act of 2025. The bill aims to bring much-needed clarity and consistency to patient matching and promises to:
- Define a measurable, standardized way to assess patient match rates
- Identify a minimum demographic dataset to help reach 99.9 percent match accuracy
- Standardize how that data is entered – for example, phone number formats or how to handle missing fields
- Require certified health IT systems to support these standards
- Offer optional match rate reporting and bonuses under the Centers for Medicare and Medicaid Services (CMS) Promoting Interoperability program
The MATCH IT Act doesn’t mandate a specific technology or unique identifier. Instead, it creates a framework that any vendor or provider can work within.
AHIMA also co-founded the Patient ID Now coalition – alongside CHIME, HIMSS, and Intermountain Health. The coalition now boasts more than 50 organizations and continues to advocate for a national strategy on patient matching, even as the path forward for lifting the federal funding ban remains uncertain.
The Patient ID Now coalition and AHIMA will offer a free webinar on July 8 called “The MATCH IT Act: Charting a Path to Accurate Patient Matching.” Attendees will hear from experts about the real-world effects of mismatched records and learn how the MATCH IT Act of 2025 proposes clear, practical solutions.
DirectTrust’s Approach: PEHRLS
While federal policy evolves, DirectTrust®, a nonprofit trade alliance, is moving ahead with its own solution: the PEHRLS (Privacy-Enhancing Electronic Health Record Locator Service) Ecosystem Consensus Body. The group is designing a privacy-preserving, patient-driven standard for a unique identifier – one that patients can opt into if they want their records linked across systems.
Rather than wait for policy to catch up, DirectTrust is laying the groundwork now so the infrastructure will be ready when and if the opportunity comes.
On the provider side, identity verification is equally critical. When someone sends or receives sensitive data, they need to be absolutely certain of who’s on the other end.
DirectTrust helps make that possible through its digital trust framework. Whether organizations exchange data through Direct Secure Messaging, query-based systems, or Facilitated FHIR, identity is anchored in digital certificates issued through a verified process. This helps ensure data only flows among credentialed, trusted users.
If we don’t get clinician and endpoint identity right, we risk repeating the same problems we’ve seen with patient data: fragmentation, duplication, and loss of trust.
Getting Involved
Solving identity won’t happen overnight, and it won’t happen at all unless more people get involved. This is where standards bodies and advocacy coalitions can make a difference. If you’re passionate about health data, there’s a role for you. Whether that means joining the advocacy efforts of AHIMA, engaging with DirectTrust’s standards work, or simply starting a conversation in your own organization – now is the time:
- To learn more about the MATCH IT Act or to join Patient ID Now, visit AHIMA Advocacy.
- To explore the PEHRLS Consensus Body and learn more about endpoint identity, visit DirectTrust.
The future of healthcare interoperability depends on getting identity right. It’s not just a tech problem – it’s a trust problem. Let’s fix it together.
Jennifer Mueller, MBA, RHIA, SHIMSS, FACHE, FAHIMA, FACHDM, is senior vice president of health information career advancement at AHIMA; Kate McFadyen is senior director of government affairs at AHIMA; and Kathryn Ayers Wickenhauser, MBA, FACHDM, CHPC, is chief strategy officer for DirectTrust.
By Jennifer Mueller, MBA, RHIA, SHIMSS, FACHE, FAHIMA, FACHDM, Kate McFadyen, and Kathryn Ayers Wickenhauser, MBA, FACHDM, CHPC