Measure your identity data management maturity. Take our 5-minute maturity assessment now

The Importance of Patient ID in Health Tech: Q&A with Particle Health Co-founder, Dan Horbatt  

Thought Leadership

There’s no doubt about it: the digitization of healthcare is picking up pace. A recent survey found that 99% of health system leaders say that it is important to invest in digital health. However, those same leaders note that the adoption of digital tools is still in the planning and pre-adoption stages. As interoperability requirements and patient demands compound, creating more pressure around digital transformation, it’s clear that soon healthcare organizations will have to move full-speed into digital health adoption, or risk being left behind.   

As organizations consider where to invest into their tech stack and how to get the best out of their digital tools, it’s important to ensure that the technology solutions put in place are supported by an underlying foundation of accurate, reliable data. Siloed, inaccurate patient data has historically been a challenge for health leaders, and the importance of reliable data has only grown in recent years. 72% of healthcare executives are “concerned” or “extremely concerned” that siloed, inaccurate data has negative impacts on care quality and the bottom line.   

It also explains why the Joint Commission sets annual patient safety goals for nine healthcare categories: ambulatory; assisted living community; behavioral and human services; critical access hospital; home care; hospital; laboratory services; nursing care center; and office-based surgery. So, what can healthcare technology partners do to ensure that their solutions are the most relevant and effective for healthcare executives looking to expand their digital toolkits? According to Particle Health Co-founder, Dan Horbatt, focusing on identity resolution is key. We sat down with Dan to discuss his take on current technology solutions and identity resolution.  

Verato Q&A with Dan Horbatt, Particle Health  

In your view, what are some of the most common and significant weaknesses of identity resolution measures in healthcare technology? How do they affect users/healthcare organizations?  

As it stands, there is no technical guidance as to what constitutes proper identity resolution. There are a number of standards for identity proofing, but that’s only a small portion of the identity problem space. Almost all transfer of medical records relies on identity resolution, which means it depends on each and every vendor’s particular implementation and interpretation of identity. Overwhelmingly this has all appearances of having come to a working equilibrium, but there’s still a long tail of work to be done. As best as we can tell, this long tail constitutes the failure to exchange a single-digit percent of transactions. While that doesn’t seem like much, if you consider the scale at which data is being shared (hundreds of thousands, or even millions of records), this single-digit percentage translates into a large number of providers who don’t have ready access to complete medical records and therefore can’t provide the best care.   

Why is it so important to ensure identity resolution measures are as strong as possible in tech solutions for healthcare?   

The healthcare industry is moving quickly to automate and digitize all sorts of processes due to a combination of addressing policy requirements and reducing costs. Transferring protected health information has never been faster, cheaper or easier. With this change, the scale of data being transferred will grow exponentially, meaning that errors in identity resolution will grow alongside. If we, as an industry, do not nail these problems, we’re going to be negligent with our patients’ information; inadvertent releases and HIPAA violations are just the obvious consequences. As automated processes begin to expect high-quality data present, when we fail to get that data, we’re going to miss more opportunities to provide better treatment in the best case and miss harmful outcomes such as prescribed drug interactions in the worst case.  

What are the specific features and characteristics of a strong and effective identity resolution approach? Why is each one important?  

As it stands, there is no technical guidance as to what constitutes proper identity resolution. There are a number of standards for identity proofing, but A strong and effective identity resolution approach consists of a number of factors: Contextual data and handling state transitions. A simple series of string matches on data is no longer sufficient. Solutions need to be able to take into account the myriad of differences in data that represent the same person. Shortened versions of names, differing phonetic translations of names, and variances in between “First St” and “1st st” are just a few examples. When you start getting into people changing their name due to marital status or just to mix things up, or moving every 6 months for a few years, the complexity becomes astronomical.  

What are the pros and cons of building an identity resolution solution in-house vs. purchasing a solution? (i.e., cost, time, risks, etc.) 

This is such a complex space that no one is going to get it right at first building in-house; it will be an iterative process. Companies will have to decide if iterating on this challenge is going to be a competitive advantage for them, or if they’re willing to use industry best practices from the start. Purchasing a proven solution can be far cheaper and get products to market faster — especially when considering the cost of fixing prior assumptions (something inherent to building in-house) and the pathological scenarios of getting identity resolution wrong. On the other hand, if a company needs to conform to more stringent identity and auditing requirements, it may only be possible to do in-house. 

What are common challenges/roadblocks technology organizations face when implementing identity resolution into their solution? Why?   

Similar to any technical lift, organizations will attempt to build a minimum viable solution to the problem. As they realize the limitations of their initial approach, they’ll need to staff up a more robust implementation, or outsource to a trusted third party to handle it for them. With either of those shifts, all the original assumptions will need to be questioned and tricky migrations from old state to new will need to be undertaken. This is when edge cases come and derail the project. What happens when you realize you inadvertently merged two patients into the same record and realize that was wrong? To the surprise of no experienced IT implementer, the sooner you can start with a robust solution, the less complexity and cost you’ll have in the long term.  

What specific steps should organizations take to assess the strength of their current solutions, to address any weaknesses they find, and to develop a best-in-breed approach/solution to identity resolution?  

Organizations should periodically check in with how they treat identity. How are identities stored? What assumptions have been made around the mutability of identity? Are they able to handle merging identities when they find someone using an alias, or when taking/removing a partner’s name? Are they able to reconcile and fix an incorrect merge? Is there audit logging in place to know when and why that happened and any actions that might have been taken that need to get corrected after the fact?  

After that, there should be a very deliberate practice of determining how the organization wants to skew between type 1 (false positive) and type 2 (false negative) errors. It is impossible to be perfect; even with the best heuristics in place, the data that enters the system will never be perfectly clean. A cost-benefit analysis will need to be done for both types of errors given the context of the identity resolution.  

In your view, what are the risks that today’s healthcare technology companies face if they don’t ensure their identity resolution capabilities are as strong as they can be, and why?  

Identity resolution is the most important, and trickiest, part of the seamless sharing of medical records. Enabling this flow of data is no longer going to be optional or nice to have, it’s going to be mandated. Not building solutions with this in mind from the ground up is going to result in competition providing better care for cheaper on one hand, and possible exorbitant fines on the other.  


Check out the report Achieving a 360-Degree View of the Patient to learn more about healthcare executives’ concerns and priorities when it comes to patient data, or learn more about how Verato helps health tech companies like Particle Health improve their solutions with industry-leading patient identity resolution services.