For decades, Americans have been required to have a Social Security Number (SSN).  We use it for taxes, employment, banking, retirement, and countless forms of identification. Yet accurately identifying patients remains one of healthcare’s most persistent and consequential challenges despite seeming, on the surface, like a problem that should have been solved long ago.  Isn’t it way past time that we create a patient safety identifier capable of achieving a perfect match during interactions with providers?   After providing some background, I’ll discuss what a more practical long-term approach might look like.

I recently reviewed the sponsors of the MATCH Act, an impressive and well-meaning bipartisan effort to improve patient matching.  The legislation embraces probabilistic matching, a practical near-term solution that uses combinations of demographic and clinical data to improve accuracy.  It is an important step forward, but I believe healthcare should aim higher.  Patients, families, providers, and payers deserve something more reliable: an exact match.

If the United States effectively requires a Social Security Number for nearly every citizen, why can’t patients have a patient-generated healthcare identifier, perhaps even something as familiar as an email address?  The answer is more complicated than it first appears.

Healthcare has struggled with patient identity for decades.  Duplicate medical records, mismatched information, and fragmented data continue to plague health systems across the country.  Anyone who has worked in healthcare IT has witnessed the consequences.  Patients must repeatedly enter demographic information, clinicians are forced to search for incomplete records, and organizations spend millions on duplicate tests and reconciling multiple charts.  Patient matching problems create real patient safety risks.  Missing charts, incomplete allergies, inaccurate medication histories, duplicate imaging studies, delayed diagnoses, and failures in care coordination can all occur when patient identity breaks down.

Ironically, policymakers recognized this challenge decades ago.  When the 1996 Health Insurance Portability and Accountability Act (HIPAA) was passed, the legislation originally contemplated a unique patient identifier for healthcare.  Immediately privacy concerns surfaced.  Critics feared a government-controlled medical tracking number could threaten civil liberties, expand surveillance, or expose sensitive personal information if breached.  Congress ultimately prohibited federal funding for a national patient identifier, effectively freezing the concept for decades.  As a workaround, organizations now rely on combinations of names, birth dates, addresses, phone numbers, insurance IDs, medical record numbers, and other demographic data to match patients.

Until recently I thought we should simply allow patients to create their own healthcare identifier using an email address.  At first glance, the idea sounded compelling.  Email addresses are easy to remember, relatively unique, and already central to modern life.  Patients use them for banking, travel, shopping, and increasingly for healthcare portals. A patient-generated identifier (PGID) could provide individuals with greater control over their healthcare identity while reducing matching problems.

But legitimate concerns remain.  Email addresses are not permanent.  People change jobs and lose employer accounts.  They abandon addresses after cybersecurity breaches or overwhelming spam.  Some maintain multiple accounts or frequently switch providers.  Email access is also not universal or consistently maintained.  Older adults, underserved populations, individuals experiencing homelessness, and some behavioral health populations may lack reliable access or stable digital identities.

Then there is the issue of shared access.  Families often share email accounts.  Parents manage healthcare for children.  Adult children coordinate care for aging parents.  Caregivers frequently help patients navigate appointments and treatment plans. Email addresses are useful but not sufficiently stable or trusted to function as a lifelong healthcare identifier on their own.

If we do decide on a national patient identifier, it must be unique per individual, not assigned by any authority.  The format must be consistent and modifiable only by the individual.

Perhaps the future is not a single national patient identifier at all.  Instead, healthcare may evolve toward a patient-controlled digital identity model built on multiple trusted elements working together such as:

• Verified email addresses
• Mobile phone authentication
• Government-issued identity verification
• Biometrics
• Multi-factor authentication
• Patient-managed consent and privacy controls

Rather than depending on one static identifier, patients could carry a trusted digital credential that securely connects them across health systems, physician practices, pharmacies, laboratories, payers, and digital health applications.  In many ways, this resembles how modern banking, travel, and secure commerce already function.  Healthcare may finally be able to catch up.  Regardless, legitimate concerns remain.

Instead of asking, “Should we create a national patient identifier?”  A more relevant question is, “Can we create a trusted, privacy-preserving, patient-controlled identity system that improves safety, interoperability, and patient experience without introducing the risks of a government-controlled identifier?”

Healthcare works best when we know with absolute certainty that we are caring for the right patient at the right time.  And after decades of debate, perhaps the future of healthcare identity belongs not to government but to patients themselves.  A patient-controlled identification system is not merely a technology problem.  It is a governance, trust, privacy, and operational problem.  What practical governance models could actually work?  There are several including but not limited to federally mandated with central registry, federally mandated without a central registry, public-private utility, and commercial identity networks.  None are easy.

I believe a public-private utility is the better option.  Healthcare already runs many “national utilities” without direct federal operation.  Think of how payment networks, prescription routing, or internet domain management work.  A quasi-independent nonprofit utility could be chartered and regulated, with oversight from HHS but not direct government control.

Potential governance could include:

• Providers
• Payers
• Consumer advocates
• Privacy experts
• Cybersecurity leaders
• State government representation
• Technology vendors

This resembles a healthcare equivalent of the Clearing House for banking infrastructure, ICANN for internet identity, and DirectTrust for digital trust.  We must weigh the:

• Advantages
  • Less politically charged
  • Multi-stakeholder governance
  • More innovation flexibility
  • Better patient trust than direct federal ownership
• Challenges
  • Governance complexity
  • Funding model disputes
  • Risk of vendor capture
  • Questions about accountability

For healthcare, this might be the “Goldilocks” model.  It is not fully federal, not fully commercial.  In practical terms here are proposed roles:

• Federal government sets rules, privacy protections, certification standards, and audit requirements.
• A nonprofit healthcare identity trust manages interoperability.
• Providers, payers, pharmacies, and labs validate identity locally.
• Patients control consent and permissions.
• No single centralized national database exists.

Such an approach balances:

• Patient safety
• Privacy
• Interoperability
• Cybersecurity resilience
• Political feasibility

Healthcare does not need a workaround.  We need a trusted identity framework that protects privacy, improves safety, and gives patients greater control over their own information.  The real question is not whether we can build it.  We must ensure that every individual, regardless of circumstance or economic means, is educated about digital identity, what it is, why it matters, and how to protect and manage it, while also ensuring equitable access to the digital resources required to participate fully and safely.  The question is whether we have the collective will to finally solve a problem we have discussed for more than three decades.

Will it be hard?  Yes, very hard.  Will it be worthwhile?  Yes, very worthwhile.  Can it be done?  Yes, it can.  Let’s discuss how to move from probability to certainty in patient identification.  When?  Now.