A national patient identifier would make vaccinating the entire U.S. population easier

If you tried to book a COVID-19 vaccine in 2021, you probably remember juggling portals, emails, text confirmations, and mysterious “account not found” errors.
Now imagine trying to coordinate that chaos not just for you, but for 330 million people. That’s essentially what U.S. public health agencies had to dowithout a
standard way to tell which John Smith in which system was actually you.

That problem is at the heart of the debate around a national patient identifier (sometimes called a unique patient identifier). In plain English,
it’s a single, standardized number or token that would follow you wherever you get care: your doctor’s office, a pharmacy, a mass vaccination clinic, or a pop-up
site in a school gym. Supporters argue that it would dramatically simplify vaccination campaigns, improve data quality, and make sure the right dose goes into the
right arm at the right time. Critics worry about privacy, surveillance, and cybersecurity.

In this article, we’ll unpack why the United States still doesn’t have a national patient identifier, how that complicated COVID-19 vaccination efforts, and why
having one could make vaccinating the entire U.S. population not only easier, but safer and more equitable.

The messy status quo: matching patients without a standard ID

On paper, the idea of a national patient identifier isn’t new. When Congress passed HIPAA in 1996, it actually required creation of unique identifiers
for patients as part of broader health data standards. But in 1999, lawmakers added a prohibition that blocked the Department of Health and Human Services (HHS)
from spending federal funds to develop or implement such an identifier, largely due to privacy concerns. That funding ban has been renewed annually ever since,
even as the rest of healthcare has gone digital.

Instead of one consistent identifier, we have a patchwork of IDs:

• Medical record numbers that only work inside a single health system.
• Insurance member IDs that change when people switch plans or jobs.
• State immunization registry identifiers that don’t always sync across borders.
• Occasional use of phone numbers, email addresses, or other “creative” identifiers that people frequently change.

To connect records across systems, organizations rely on “patient matching.” That means algorithms and humans compare names, birth dates, addresses, phone
numbers, and other details to guess whether two records belong to the same person. It works… until it doesn’t.

Research has found that as many as one in five patient records may be incorrectly linked or mismatched in some settings. That’s not just a minor clerical hiccup.
Mismatched records can lead to missing vaccinations, duplicate doses, incorrect risk assessments, and delays in outreach to people who still need shots.

Public health agencies face an extra challenge. Immunization Information Systems (IIS) pull data from thousands of providerspharmacies, clinics, hospitals, pop-up
sitesand try to consolidate it into one record per person. Without a standard patient identifier, these registries must constantly de-duplicate records and guess
which ones belong together. The Centers for Disease Control and Prevention (CDC) has even published best practices for de-duplication because the problem is so
pervasive.

What COVID-19 vaccination taught us about patient identity

The COVID-19 vaccine rollout was like an enormous stress test for our fragmented identity systems. Instead of a single, coherent vaccination database, the country
ended up with:

• Separate state and jurisdiction-level IIS systems, each with their own rules and data formats.
• Multiple scheduling portals, often not connected to the state registry in real time.
• People crossing county or state lines to find available appointments.
• Large pharmacy chains and mass vaccination sites feeding data into public systems at varying speeds.

The second-dose scavenger hunt

For vaccines that required two doses, public health teams had to figure out who got a first shot but had not yet returned for the second. That sounds simple,
until you realize:

• Some people booked their first dose at a county clinic and the second at a pharmacy.
• Others changed jobs or insurance in between doses, creating new records.
• Spelling differences, typos in names, and changes in address created additional “new” patients in the system.

Without a national patient identifier, public health officials had to lean on imperfect matching algorithms and manual data clean-up. In many places, outreach to
people missing their second dose was delayed or incompletesimply because it was hard to be sure who was truly missing a shot and who was just hiding behind a
duplicate record.

Duplicate and missing records: the invisible burden

Duplicate records weren’t just a theoretical worry. As people rushed to book appointments, many created multiple accounts after forgetting passwords or being
unsure whether an earlier attempt had gone through. Each new registration could create another “patient” in a scheduling system or registry that was, in reality,
the same person.

Meanwhile, some vaccination events captured incomplete data because the priority was speedget shots into arms and fill in the details later. But “later” often
meant hours of manual reconciliation, guessing, and phone calls. That slowed down reporting to state and federal systems and made it harder to answer basic
questions like:

• What percentage of adults in this county have at least one dose?
• How many people over 65 are fully vaccinated?
• Where are the pockets of low coverage that need mobile clinics or targeted outreach?

A national patient identifier wouldn’t magically fix every data quality issuebut it would dramatically reduce the guesswork needed to tie doses to people,
especially as they move among different providers and settings.

How a national patient identifier could make mass vaccination easier

So what difference would a national patient identifier actually make? Think of it as giving every person a stable “vaccination passport number” that works behind
the scenes, not necessarily on a physical card. Here’s how that helps when the goal is vaccinating an entire country.

Smoother scheduling and fewer duplicates

Today, you might appear as three different people in three different systems: that urgent care visit where your name was entered as “Liz,” your employer clinic
that used your work email, and your pharmacy record with your full legal name. With a national identifier:

• Each new vaccination or appointment can be instantly linked to your existing record, regardless of which portal or provider you use.
• Scheduling systems can warn if you already have an upcoming appointment somewhere else, cutting back on double-booked slots.
• Pop-up clinics can confirm dose history in seconds, even if you forgot your paper card or can’t remember which vaccine you received.

For public health agencies, this reduces duplicate records, simplifies follow-up for second doses or boosters, and frees staff from spending evenings in
spreadsheet purgatory.

Better inventory management and planning

When vaccination data is cleaner and tied reliably to individuals, everything from supply chain planning to clinic staffing gets easier. A national patient
identifier helps:

• Accurately track coverage by age, risk group, and geography, so doses can be allocated where they’re truly needed.
• Reduce wastage by aligning appointment volume with actual demand and reducing no-shows from double-booked patients.
• Support flexible delivery models (pharmacies, primary care, mobile vans, workplace clinics) without losing track of who got what, where.

In a fast-moving outbreak, days matter. Up-to-date, person-level data tied together by a reliable identifier lets leaders adjust strategy quickly, rather than
waiting for manual reconciliation and delayed reports.

Stronger safety monitoring and equity tracking

National vaccination campaigns don’t stop at counting doses. They also aim to:

• Monitor side effects and rare adverse events.
• Make sure high-risk communities are reached.
• Identify groups that may be underserved or hesitant.

Linking vaccine records with other health data (for example, hospitalizations or chronic disease registries) is far easier and more reliable when there’s a
standard identifier. It allows:

• More precise vaccine safety studies, because researchers can confidently connect vaccination dates with later health outcomes.
• Better understanding of how well vaccines work in specific subgroups, such as older adults or people with certain conditions.
• Improved visibility into who is being left behind, so outreach can be targeted based on real data rather than guesswork.

Without a national identifier, these analyses require extensive data cleaning, probabilistic matching, and cautious interpretation. A unique identifier doesn’t
remove the need for safeguards, but it does provide a more solid foundation for evidence-based decisions.

The elephant in the room: privacy and security concerns

If a national patient identifier is so helpful, why hasn’t the U.S. already adopted one? Three big worries keep coming up: privacy, security, and misuse of data.

“I don’t want the government tracking my every move”

One of the most common fears is that a single health identifier could become a de facto tracking number, used far beyond healthcare. This concern isn’t
outlandishhistorically, Social Security numbers ended up in far more places than originally intended. Privacy advocates worry that a national patient identifier
could eventually appear on job applications, loan forms, or even be required by non-health entities.

The design of any identifier system matters enormously here. It’s possible to:

• Limit use of the identifier strictly to health and public health purposes by law.
• Make it illegal for employers, landlords, or financial institutions to request or store it.
• Use tokenization or context-specific versions so the same underlying identity doesn’t appear as a simple, universal number everywhere.

In other words, “one number to rule them all” is not the only model. It’s possible to get the benefits of better matching without building an all-purpose tracking
tool.

“What about hackers and data breaches?”

Another concern: if we create a national identifier and that system is compromised, haven’t we just handed attackers a golden key? It’s a fair question,
especially given the number of healthcare data breaches already reported each year.

However, it’s worth noting that we already store highly sensitive health information in many different systems, often in less-than-perfectly-secure ways. A
well-designed patient identifier system would:

• Store the identifier separately from full clinical details whenever possible.
• Use strong encryption and access controls, with strict logging and auditing.
• Rely on modern cybersecurity practices that assume breaches will be attempted and design defenses accordingly.

The alternativecontinuing with unreliable matching that can lead to incorrect or incomplete carealso has real, if less visible, safety risks.

Equity, discrimination, and trust

Finally, there are concerns that a national patient identifier could deepen inequities if people who already mistrust the healthcare system feel pressured to
register for something they don’t fully understand. Communities that have experienced discrimination may understandably worry about how their data could be used
against them.

Any move toward a national identifier needs to be paired with:

• Clear, transparent communication about what the identifier doesand doesn’tdo.
• Strong community engagement, especially with groups that have been historically marginalized.
• Real enforcement of privacy protections, not just promises in fine print.

Trust isn’t built by technology alone. It comes from being honest about risks, giving people meaningful control, and demonstrating that the system works fairly
for everyone.

What it would take to make a national patient identifier work

Creating a national patient identifier is not as simple as flipping a switch. It’s a policy project, a technical project, and a cultural project all at once.

Step 1: Updating the law

The first hurdle is legal. The long-standing prohibition on using federal funds for a unique patient identifier would need to be modified or lifted. That doesn’t
mean Congress has to approve a specific technical design on day one, but it does mean giving HHS and related agencies the authorityand resourcesto explore and
pilot options.

At the same time, lawmakers would need to:

• Define strict limits on how the identifier can be used.
• Strengthen penalties for misuse of health data.
• Clarify how existing privacy laws apply when data is linked across systems.

Step 2: Designing a privacy-preserving system

Technically, a national patient identifier doesn’t have to be a single, human-readable number etched into every record forever. Modern identity systems can use:

• Pseudonymous tokens that can be changed if compromised, with a secure way to map them back to the underlying identity.
• Multiple context-specific identifiers derived from a core identity, so leaks in one context don’t automatically compromise everything else.
• Robust verification processes that combine demographic information with the identifier to reduce impersonation.

For vaccination specifically, the crucial requirement is consistency: the same person should be recognized as the same person across clinics, pharmacies, mobile
units, and state lines, even if they move or change insurance.

Step 3: Supporting states, providers, and public health agencies

Even the best-designed identifier will fail if it’s dropped into the real world without support. States, health systems, pharmacies, and EHR vendors would need:

• Clear implementation guidance and timelines.
• Funding to update systems and workflows, especially in smaller clinics and rural areas.
• Technical assistance for integrating the identifier into existing IIS and health information exchange networks.

Pilot programs could focus on specific use cases, such as adult immunization tracking or pandemic preparedness drills, before scaling nationwide. The goal isn’t
perfection on day oneit’s a steady improvement over the status quo, where patient matching errors and duplicates are accepted as “just how it is.”

Real-world experiences: what the future could look like (about )

It’s one thing to talk about identifiers and algorithms. It’s another to picture how these changes would show up in everyday life. Let’s walk through a few
real-world style scenarios that illustrate how a national patient identifier could make mass vaccination smoother and less stressful.

Scenario 1: The nurse at the pop-up clinic
Maya is a public health nurse working at a mobile vaccination van parked outside a factory. Before the clinic opens, she downloads a fresh roster of employees who
pre-registered for appointments. Each person has a national patient identifier already associated with their electronic health record.

As workers arrive, Maya scans a simple QR code from their phone or employee badge, which securely retrieves their identifier. Instantly, the system shows whether
they’ve had previous doses, any documented allergies, and which vaccine they’re due for. There’s no fumbling through paper cards or asking people to remember
exact dates.

At the end of the day, the system automatically sends verified vaccination data to the state IIS and to each person’s primary care practice. Maya doesn’t have to
spend extra hours manually reconciling names or trying to decode handwriting. She can go home on timeor start planning the next clinic, instead of fixing
yesterday’s data.

Scenario 2: The patient who moves across the country
Alex received his first COVID booster in Ohio and then moved to Arizona for a new job. Months later, another booster campaign rolls out for his age group. In our
current system, his new provider might struggle to see his full vaccination history, especially if records are scattered across different registries and health
systems.

With a national patient identifier, Alex’s new clinic in Arizona can securely query his history using the same identifier that was used in Ohio. The state IIS and
his prior health system both recognize the ID and return accurate records. There’s no need for Alex to hunt through old emails or call former providers. The
clinic can confidently recommend the right dose, at the right time, based on verified data.

Scenario 3: The data analyst tracking vaccine equity
Leah is a data analyst at a state health department. Her job is to ensure that vaccination campaigns are reaching communities most affected by severe disease.
Today, she spends a lot of time cleaning datamerging duplicates, correcting obvious mismatches, and trying to make sense of incomplete records.

In a future with a national patient identifier, Leah still has to be carefulno data set is perfectbut her starting point is much stronger. Because records are
consistently linked to individuals, she can:

• More accurately calculate vaccination rates by neighborhood and demographic group.
• Quickly identify where booster uptake is lagging among certain age or risk groups.
• Share more reliable information with community partners who are planning outreach events.

Leah’s work shifts from “fixing what the system broke” to “helping the system improve.” That means faster, smarter decisions about where to send mobile clinics,
which messages resonate with which communities, and how to prevent future surges.

Scenario 4: The next pandemic
No one is eager to think about the next major outbreak, but public health planning has to be a little bit pessimistic by design. Imagine a new respiratory virus
emerges with a vaccine developed at record speed. The U.S. needs to roll out doses rapidly, track who’s protected, adjust strategies in real time, and monitor
safety carefully.

With a national patient identifier in place, most of the machinery is already built. Providers of all kindsfrom big hospital systems to neighborhood pharmaciesuse
the same underlying identifier when they vaccinate patients. States share consistent, de-duplicated data with federal agencies. Researchers can evaluate vaccine
effectiveness and safety more quickly and accurately.

The experience for individuals is smoother, too. Instead of juggling multiple patient portals, people can see their full vaccination history in one place, backed
by consistent identifiers rather than a patchwork of local IDs and mystery logins.

Conclusion: Less guesswork, more protection

Vaccinating an entire country is hard. Doing it without a standard way to identify people across systems is like trying to finish a giant jigsaw puzzle when half
the pieces are in different boxes and several have nearly identical patterns. A national patient identifier wouldn’t solve every challenge, but it
would replace much of today’s guesswork with reliable, consistent data.

The COVID-19 pandemic exposed the limits of our current approach: mismatched records, duplicate doses, incomplete histories, and delayed insights. It also showed
how much we can gain when data flows more smoothlyfaster decisions, more targeted outreach, and better protection for the people who need it most.

The question isn’t whether a national patient identifier comes with risks. It does. The real question is whether we’re willing to design it thoughtfullywith strong
privacy protections, clear limitations, and robust securityto make sure that when the next vaccination campaign comes, we’re not fighting our own data systems as
much as the disease itself.