Privacy Group Comments on ONC's Patient Data Matching Report


At an Office of the National Coordinator for Health IT meeting last week, advocacy group Patient Privacy Rights said that initial findings from an ONC report on how to match patients with their health data addressed problems with current health IT systems and data exchanges but missed an opportunity to create and leverage patient engagement in controlling their own health data, Health Data Management reports (Goedert, Health Data Management, 12/20).

Background on ONC Report

In September, ONC announced it would launch a collaborative project to determine "common denominators and best practices" used by private health systems and federal agencies for matching patients with their data during health information exchange.

The study included interviews with more than 50 large health systems and health IT software developers.

Earlier this month, ONC released initial findings from the study. It recommended that all relevant health information exchange transactions should include standardized patient identifying attributes, including:

  • Current and past addresses;
  • Date of birth;
  • Full name;
  • Gender; and
  • Phone numbers.

The report also suggested that:

  • Additional data attributes to improve patient matching should be studied;
  • An open source algorithm should be developed to test and build patient matching capabilities;
  • Certified electronic health record systems should be required to generate and provide reports that detail potential duplicate patient records; and
  • EHR certification criteria should include the ability to capture patient identifying attributes.

In addition, the report stated that industry stakeholders should work to develop:

  • Formal best practices for patient matching and data governance;
  • Policies to encourage consumers to keep their health information accurate and up to date; and
  • Educational and training materials for verifying patient data attributes (iHealthBeat, 12/17).

Comments From Patient Privacy Rights

Patient Privacy Rights said that "the findings address today's problems without anticipating where we will be tomorrow; they did not foresee that the HITECH Act and meaningful use requirements can be used to resolve many of today's problems without patient identity and patient matching."

The group continued, "Today, the nation's sensitive health records are exchanged by hundreds of hidden users without meaningful informed consent," adding, "Health technology systems violate our federal rights to see who used our data and why."

Patient Privacy Rights said that meaningful patient engagement "will enable patients to fully participate in their health care and in electronic systems" and "ensure they can access, control or delegate use and disclosure of [personal health information], and monitor all health data exchange automatically in real-time" (Health Data Management, 12/20).


to share your thoughts on this article.