This post is part of our Identity First. Everything Follows. blog series, in which we explore our response to CMS’s 2025 RFI in partnership with Snowflake.
Healthcare has made major strides in building digital bridges between systems. From the rollout of FHIR-based APIs to the nationwide ambitions of the Trusted Exchange Framework and Common Agreement (TEFCA), there’s no shortage of initiatives designed to improve how health data flows between hospitals, payers, labs, and health tech platforms. At the same time, the growing adoption of cloud-native data architectures has made it easier to centralize and analyze health information at scale.
But for all this progress, a fundamental issue still derails interoperability efforts every day: the identity data that flows through and powers it all.
Despite the technical ability to move data from point A to point B, many healthcare organizations still struggle to answer a basic but critical question consistently and accurately: Who is this data about?
This is the core of the public RFI the Centers for Medicare & Medicaid Services (CMS) published recently, seeking input on “how best to advance a seamless, secure, and patient-centered digital health infrastructure [and] unlock the power of modern technology to help seniors and their families take control of their health and well-being, manage chronic conditions, and access care more efficiently.”
Verato, in partnership with Snowflake, offered guidance that we’ll be breaking down in a series of blog posts. It comes down to this: The ability to exchange data doesn’t matter if the systems involved can’t agree on who that data belongs to. So, until the healthcare ecosystem addresses identity as a foundational layer of interoperability, organizations will continue to face breakdowns in data usability, care coordination, and patient trust.
Interoperability isn’t just about connectivity or compliance—it’s also about context. But as it exists today, lacking the complete and trusted identity context, interoperability fails to achieve its goals.
The interoperability illusion
Healthcare leaders often assume that once systems are technically connected, data can flow freely and usefully. That assumption is understandable, but it’s unfortunately wrong.
FHIR, TEFCA, and healthcare information exchange (HIE) frameworks are designed to support data exchange, but they don’t ensure data usability. For that to happen, every system involved must have a shared understanding of who the data is about.
The problem then shifts to the non-static nature of ever-evolving patient identities. People change names, they move and have nicknames. There are also typos to contend with and different insurance information across systems. These seemingly minor discrepancies create massive complications, especially when systems rely on legacy matching solutions that can’t over come the data fluidity of demographics in modern data exchange.
Even when the structural standards are in place and the semantics are aligned, one mismatched field, like a slightly misspelled last name or an outdated address, can cause the receiving system to fail to match the incoming data with the correct individual.
This results in perfectly structured, standards-compliant data that arrives and then goes unused, making the illusion of interoperability complete. The message was delivered, but the meaning and the patient got lost in translation.
Why identity is the critical pillar
To understand where things go wrong, it helps to revisit the Health Information and Management Systems Society (HIMSS) framework for interoperability. HIMSS outlines four levels:
- Foundational – Systems can connect and exchange data.
- Structural – Data formats and syntax are standardized.
- Semantic – Shared vocabularies ensure the data means the same thing on both ends.
- Organizational – Governance and policy frameworks enable the secure use of that data.
These levels are essential, but they don’t guarantee that systems are speaking about the same person. And that’s a major oversight.
What’s missing is a fifth layer: Identity Interoperability.
This layer sits between Semantic (3) and Organizational (4) interoperability. It ensures that the individual referenced in the data, regardless of the system it comes from, can be reliably identified and matched across the ecosystem. It’s not enough to know what the data means or how to exchange it. You need to know who it belongs to.
And unlike the earlier layers, where the burden often falls on the sender, identity interoperability places the burden on the receiver. Receiving systems must be able to match incoming data to the right person in their records, even when the demographics don’t align perfectly.
It sounds simple, but hidden barriers are preventing it.
The hidden challenges that break identity matching
Standardizing demographic data has been a step forward, but it’s not enough. Here’s why:
- Demographics change constantly. Minor and incredibly common life events can disrupt matching, like a phone number update, a name change due to marriage or divorce, or simultaneous changes to multiple fields.
- Patients are reluctant to share sensitive data. In a landscape of frequent data breaches, many people withhold Social Security numbers and other key identifiers, leaving systems to guess using limited or outdated info.
- Errors in data entry are inevitable. A single typo in a date of birth or address can derail even the most sophisticated matching algorithms. And when multiple discrepancies occur at once, the system may fail entirely.
This fragility is precisely why today’s record-matching approaches often fall short—and why a foundational identity layer is critical.
When identity fails, so does everything else
The consequences of poor identity matching are not hypothetical. They show up every day across the healthcare system:
- A referral falls through because the receiving electronic health record (EHR) system doesn’t recognize the patient, even though their demographics were entered correctly elsewhere.
- A TEFCA query returns no data, not because the data doesn’t exist, but because the matching criteria weren’t identical across systems.
- A data warehouse produces fragmented records, leaving care teams with an incomplete view of the patient’s history, and potentially dangerous blind spots.
- Payers process duplicate claims or deny legitimate ones because patient identities don’t align across facilities.
In each scenario, the system appears to be interoperable. The pipes are connected. The data moved. But none of it mattered, because identity failed.
Verato’s perspective: The Identity Interoperability Layer
At Verato, we believe the industry needs to stop treating identity resolution as a data quality task and start treating it as a core infrastructure layer, just like APIs, governance, or consent.
Organizations should have referential matching technology to create a persistent identity foundation across all systems. Best-in-class options incorporate nationwide reference datasets, advanced probabilistic logic, and real-time synchronization to deliver accurate, life-event resilient identity resolution—even when demographic fields are missing or in conflict.
This is what we call the Identity Interoperability Layer—a foundational component that enables health data to be matched, trusted, and used wherever it flows
Healthcare doesn’t need more data. It needs trusted identity to make the data it already has useful. If your organization is investing in interoperability without solving for identity, you’re leaving outcomes, efficiency, and patient trust on the table.
Connect with Verato to explore how our Identity Interoperability Layer can support your exchange initiatives—from TEFCA compliance to connected care.
