Patient Demographic Record Matching

Printer Friendly, PDF & Email
Type Standard / Implementation Specification Standards Process Maturity Implementation Maturity Adoption Level Federally required Cost Test Tool Availability
Standard
Final
Production
Rating 5
No
Free
Yes
Implementation Specification
Final
Production
Rating 5
No
Free
Yes
Implementation Specification
Final
Production
Rating 5
No
Free
Yes
Emerging Implementation Specification
Balloted Draft
Pilot
Feedback Requested
No
Free
No
Limitations, Dependencies, and Preconditions for Consideration Applicable Value Set(s) and Starter Set(s)
  • Chapter 3 of the HL7 Standard 2.5.1 named "Patient Administration" is the relevant chapter for Clinical and Administrative Domains.
  • NIST Special Publication 800-63, Revision 3 defines technical requirements in each of the areas of identity proofing, registration, authenticators, management processes, authentication protocols, federation, and related assertions. These guidelines can be applied for identity proofing of any user or participant in healthcare such as clinicians, caregivers, patients and others.
  • The Implementation Guide for Expressing Context in Direct Messaging was designed to facilitate inter-organizational patient demographic record matching by standardizing the inclusion of patient demographic metadata in Direct messages. Direct is also listed in several Interoperability Needs in Section III-A.
  • Patient Identity Proofing is outside of the scope of this interoperability need but more information related to this topic is below: 
    • Identity Proofing.  Each Signatory’s security policy shall include the following elements to ensure appropriate identity proofing:
      • (i) End Users (provider).  Each Signatory shall identity proof participating End Users at Identity Assurance Level 2 (IAL2) prior to issuance of access credentials; and
      • (ii) Individuals (patient).  Each Signatory shall identity proof participating individuals at Identity Assurance Level 2 (IAL2) prior to issuance of access credentials; provided, however, that the Signatory may supplement identity information by allowing Participant staff to act as trusted referees and authoritative sources by using personal knowledge of the identity of the individuals (e.g., physical comparison to legal photographic identification cards such as driver’s licenses or passports, or employee or school identification badges) collected during an antecedent in-person registration event.  All collected personally identifiable information collected by the Signatory shall be limited to the minimum necessary to resolve a unique identity.
  • See HL7 V2  IHE, and Direct projects in the Interoperability Proving Ground.
  • Secure Communication – create a secure channel for client-to- serve and server-to-server communication.
  • Secure Message Router – securely route and enforce policy on inbound and outbound messages without interruption of delivery.
  • Authentication Enforcer – centralized authentication processes.
  • Authorization Enforcer – specifies access control policies.
  • Credential Tokenizer – encapsulate credentials as a security token for reuse  (e.g.,  – SAML, Kerberos).
  • Assertion Builder – define processing logic for identity, authorization and attribute statements.
  • User Role – identifies the role asserted by the individual initiating the transaction.
  • Purpose of Use - Identifies the purpose for the transaction.

Comment

Patient Identity Assurance Level (IAL2)

I agree completely with the desire to identity proof patients to the level of IAL2.  However, I'm not understanding the last sentence of this consideration: "all collected PII collected by the Signatory shall be limited to the minimum necessary to resolve a unique identity and the Signatory shall not copy and retain such PII".  The Signatory should and in fact MUST be able to copy and retain PII to properly perform identity assurance. 

One of the elements necessary to perform strong identity proofing is to verify a strong or superior piece of identity evidence (like the patient's drivers license).  During the course of verification the image of the identity evidence may be imaged and sent to a 3rd party to "proof" the authenticity of the document.  Typically the image of the drivers license is kept on file by the Provider along with an image of the insurance card.  Would maintaining a copy or image of the driver's license and insurance card violate the language in this sentence?  It appears that it would.  Also the PII data gleaned from those documents (person's name, address, DOB, etc.) is also "retained".

This sentence should be revised to state "All collected PII collected by the Signatory shall be limited to the minimum necessary to resolve a unique identity." 

Implementation Guide for Expressing Context in Direct Messaging

The Implementation Guide for Expressing Context in Direct Messaging, published by the Direct Project, was designed to facilitate inter-organizational patient demographic record matching by standardizing the inclusion of patient demographic metadata in Direct messages, and should be added to this category. This standard was successfully piloted by the Direct Project community at their October 2017 connect-a-thon. 

Luis Maas

CTO, EMR Direct