Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Security and Privacy Standards for Patient Matching, Linking and Aggregation

Linking and aggregating patient data to improve patient safety and privacy.
  • Office of the National Coordinator for Health Information Technology (ONC) 
Start Date
  • 6/16/2015


  • Linking of Clinical and Other Data for Research
  • Use of Clinical Data for Research


STATUS: Completed Project


Linking and aggregating patient data from disparate sources cannot be done without “matching” these data in a secure manner that protects patent privacy. Effective patient matching allows users of the data (whether patients, providers, or researchers) to draw correct inferences using the data that have been linked together. Without accurate patient matching, stakeholders may inadvertently draw inaccurate conclusions that could significantly impair patient safety and privacy.


Under the Office of the National Coordinator for Health Information Technology (ONC), this project identified the best patient attributes to address the challenge of linking patients’ data across research, clinical, and claims data sets in order to support the patient-centered outcomes research (PCOR) data infrastructure that enables standardization and sharing of patient data across organizations.

Project Objectives:

  • Improve data quality by standardizing patient attributes and algorithms that can be used to reliably perform patient matching across clinical and claims data sets to improve algorithm match rates.

  • Create an open source visual tool for patient matching and aggregation.

  • Create a privacy and security application programming interface (API) or PCOR infrastructure security “layer”.

  • Include clinical data research networks in the piloting and testing of the proposed standards and services.

  • Integrate the National Plan and Provider Enumeration System (NPPES) provider identification as an additional attribute to improve patient matching across sources.


  • To advance improvements to patient matching algorithms, the team launched the Patient Matching Algorithm Challenge and developed open-source, patient matching test harness software.

  • The project team developed a gold standard data set and used it to test a widely adopted patient matching algorithm in the Gold Standard & Algorithm Testing (GSAT) for Patient Matching Pilot, a collaboration with Oregon Community Health Information Network (OCHIN) and the Kaiser Permanente Center for Health Research’s (CHR) Data Coordinating Center.

  • To advance the improvement of data quality, the project team pilot tested an implementation of the Patient Data Demographic Quality (PDDQ) Framework in collaboration with OCHIN and the Kaiser Permanente CHR.

  • The team developed a trusted security layer to enable patient control regarding how their data is shared. They also developed tools and reference implementations to facilitate data sharing and assembly of a complete longitudinal patient record from multiple sources.

  • The team worked collaboratively with the Centers for Medicare & Medicaid Services (CMS) to implement the API for NPPES on the CMS website and develop a plan to promote its adoption and use by stakeholders needing to obtain information on health care providers and health plans.




Below is a list of ASPE-funded PCORTF projects that are related to this project

Expanding Data Collection for the National Program of Cancer Registries (NPCR) for Comparative Effectiveness Research (CER) - Enhanced data collection and data linkages between central cancer registries and other health related datasets can provide researchers with essential real-world and population-based data for CER. This project built upon previous funding provided to central cancer registries operated by 10 states—part of the National Program of Cancer Registries (NPCR)—to collect detailed treatment and outcomes data from electronic data sources. The PCORTF funding extended longitudinal data collection for a subset of cancer patients in these 10 states, enabling patient-level CER of cancer outcomes, and to improve the tools and timeliness of cancer reporting to the Centers for Disease Control.

PCOR: Privacy and Security Blueprint, Legal Analysis and Ethics Framework for Data Use, & Use of Technology for Privacy - Patient level data are essential to understanding and improving health outcomes. These data must be made available to researchers in a way that ensures the protection of patient privacy while providing sufficient granularity to allow meaningful research questions to be assessed. However, current laws and policies around the use of patient level data are nuanced and sometimes conflicting, creating confusion for researchers, providers, and patients. This is a collaborative effort between the ONC and Centers for Disease Control (CDC) to conduct research and create resources to improve the privacy of patients and their data.