Rasi Bhadramani/istock via Getty

How the MATCH IT Act aims to reduce patient misidentification

The MATCH IT Act attempts to decrease patient misidentification, improve patient safety and privacy and bring down costs.

Patient misidentification can have negative implications for interoperability, patient safety and privacy. Without widely adopted industry standards for patient matching, this problem is persisting, experts say, leading to errors and duplicate records.

Patient identification errors can also contribute to increased costs for healthcare organizations, research shows. Black Book Research found that approximately one in three claim denials result from inaccurate patient matching, costing hospitals an average of $2.5 million and healthcare systems more than $6.7 billion annually.

This issue has prompted legislators to take action to establish standards and protocols to improve patient matching.

In March 2025, United States Reps. Mike Kelly (R-Pa.) and Bill Foster (D-Ill.) reintroduced the Patient Matching and Transparency in Certified Health IT (MATCH IT) Act. Kelly and Foster first introduced the MATCH IT Act in February 2024.

If passed, the MATCH IT Act would establish an industry-wide definition for "patient match rate" and document improvements to patient matching over time. It would also standardize demographic elements across certified health IT products.

The following article explores common factors that contribute to patient misidentification and how the MATCH IT Act is attempting to remedy these challenges.

Understanding patient misidentification woes

Patient identification is the process of accurately matching a patient to intended medical interventions.

However, patient misidentification can occur when disparate or mismatched medical records exist across the healthcare continuum. This can lead to confusion over proper treatment, claim denials and test result misfiling, and ultimately, harm and increased costs to patients.

According to Black Book Research findings, an average of 24% of an organization's patient records were found to be duplicates, leading to confusion and heightened costs. The findings were from a survey of 1,485 health technology managers.

The report found that expenses tied to repeated medical care due to duplicate records average $1,950 per patient for an inpatient stay and more than $1,700 per emergency department visit.

Beyond the significant financial consequences of patient misidentification, legislators and industry groups have stressed that this issue can lead to adverse medical outcomes, privacy breaches and reduced patient safety, while contributing to interoperability gaps.

In 2019, the Government Accountability Office (GAO) found that 45% of large hospitals reported that challenges with accurately identifying patients across health IT systems limited health information exchange.

These persistent issues led several industry leaders to form a coalition in 2020, known as Patient ID Now. The coalition aims to improve patient identification at a national level through legislation. Founding members include the American Health Information Management Association (AHIMA), HIMSS, the College of Healthcare Information Management Executives (CHIME) and Intermountain Health.

Patient ID Now endorsed the MATCH IT Act, championing its ability to decrease rates of patient misidentification and improve patient privacy.

Exploring MATCH IT Act provisions

The bipartisan MATCH IT Act promises to establish industry standards for patient matching and reduce the risks that come with patient misidentification.

"The MATCH IT Act has the potential to materially decrease false patient identification and medical record attribution and increase patient safety," said Aaron Maguregei, partner at Foley & Lardner, who advises healthcare organizations.  

"The ability to correctly match patients with medical records would lead to fewer inadvertent disclosures of patient medical records and, more importantly, fewer instances of patient misidentification."

Specifically, the proposed legislation seeks to define the patient match rate to ensure that healthcare organizations can accurately measure patient matches and misidentifications. Ideally, this definition would account for duplicate or overlaid records, instances of multiple matches found and mismatch rates within the same provider systems.

The legislation proposes revisiting this definition and accompanying standards at least every three years to ensure that they reflect changes in technology and processes.

Additionally, no later than 180 days after the enactment of the MATCH IT Act, the Office of the National Coordinator for Health IT (ONC) must "review the current data set in the United States Core Data for Interoperability and identify, define, and adopt the minimum data set needed to support the adoption of patient matching by entities" at a rate of 99.9%, the bill's text states.

The MATCH IT Act also requires ONC to consult relevant healthcare stakeholders to inform the patient match rate definition and the minimum data set criteria.

From a privacy perspective, the MATCH IT Act settles on a middle ground compared to past efforts to implement a national unique patient identifier.

"HIPAA originally mandated a unique patient identifier. Despite the mandate, this provision of HIPAA has never been implemented due to privacy concerns, including the ability to track an individual or increase the risk of patient identity theft," Maguregei said.

"The MATCH IT Act is intended to strike a balance between the dangers of a single unique patient identifier and the existing data infrastructure that providers utilize on a daily basis -- the goal being to reduce patient misidentification and to not increase the burden on providers with yet another process or regulatory requirement."

AHIMA, CHIME and other Patient ID Now coalition members applauded the reintroduction of the MATCH IT Act, identifying the legislation as a crucial step toward establishing patient matching standards at a time when the industry is embracing new technologies.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.

Dig Deeper on Heathcare policy and regulation