Master Data Management for Healthcare Enterprise

Master data management in healthcare is not a data governance project that competes for budget with other data initiatives. It is infrastructure that every clinical, operational, and compliance capability of the enterprise depends upon. When a patient's records are fragmented across four identity variants in the EHR, the billing system, the patient portal, and the lab system, every downstream process that depends on patient-level data is operating on an incomplete or incorrect view. Care coordination failures, duplicate test ordering, incorrect medication histories, and HIPAA disclosure errors that result from patient misidentification are documented patient safety events and OIG findings. The Master Patient Index that resolves patient identity across systems is the foundation on which a healthcare enterprise's data capability is built.

The Master Patient Index: Architecture and Matching

The MPI maintains a golden record for each patient, linking identifiers from every system in the enterprise. The core technical challenge is probabilistic matching: determining whether a record in the billing system refers to the same person as a record in the EHR with a slightly different name spelling, the same date of birth, and a different address. Deterministic matching requires exact agreement on all identifying fields and is too strict. Natural variation in name formatting, address abbreviation, and date of birth recording creates missed matches. Pure probabilistic matching accepts low-confidence matches to maximise linkage but creates false merges that are clinically dangerous.

Production MPI implementations use a combination of deterministic high-confidence rules and probabilistic scoring to produce a confidence-scored candidate match set. Records above a high-confidence threshold are auto-linked. Records in a mid-confidence band are routed to a manual review queue for human adjudication. Records below a threshold are treated as new patients. The thresholds are tunable and must be calibrated against the specific data quality characteristics of the enterprise's source systems.

21st Century Cures Act Interoperability Implications

The 21st Century Cures Act and the ONC Interoperability Rule create specific obligations for health IT developers and healthcare providers regarding patient data access. The USCDI standard defines the minimum data set that must be made available through FHIR R4 APIs for patient access and provider exchange. Patient identity matching is the critical dependency for FHIR API access: when a patient requests their records through a third-party FHIR application, the identity federation between the application's identity provider and the healthcare organisation's MPI determines whether the patient is matched to the correct record and receives the correct data.

For health systems subject to the CMS Interoperability and Prior Authorization Rule, the patient access API must be functional and accurate by the mandated compliance dates. MPI accuracy is the upstream dependency that determines whether the FHIR API returns complete and correct patient data. A health system that builds its FHIR API on top of a poorly functioning MPI delivers a technically compliant API that fails patients in practice: a compliance gap that the patient complaint process and ONC enforcement will surface.

Enterprise MDM Architecture: Beyond the Patient

Healthcare enterprise MDM extends beyond patient identity to provider identity and location master data. Provider master data includes NPI registry integration, credential verification, and specialty classification. It determines which providers appear in patient-facing directories, which providers are listed on claims, and which providers receive referral notifications. Inaccurate provider master data produces incorrect claims submissions, failed prior authorization requests, and patient safety events when referrals go to incorrect or uncredentialled providers.

Location master data covers facilities, departments, and care settings. Under the 340B Drug Pricing Program, incorrect location classification results in 340B compliance failures. Under Medicare and Medicaid billing, incorrect place-of-service codes result in claim denials or overpayment liability. Location master data accuracy has direct revenue and compliance implications that are less visible than patient safety but are regularly surfaced in CMS audits and OIG reviews.

MDM Integration Architecture

The MPI must integrate with every system in the enterprise that creates or consumes patient identity: the EHR, the billing system, the patient portal, the laboratory information system, the radiology information system, the scheduling system, and increasingly the patient engagement platform and care management applications. The integration architecture must handle both prospective matching at registration and retrospective matching of existing duplicate records across systems.

HL7 v2 ADT messages remain the dominant patient identity event format for prospective matching in enterprise healthcare. A01 patient admit, A04 patient register, A08 patient update, and A40 merge patient records messages carry the demographic data that the MPI uses to match and link. FHIR Patient resources serve the same function in modern integration architectures. The MDM platform must consume both, because healthcare enterprises inevitably operate a mix of HL7 v2 legacy systems and FHIR-capable modern systems simultaneously.

Governance and Operational Discipline

The highest-quality MDM platform produces poor outcomes without operational governance discipline. Every system that creates patient records must send registration events to the MPI within an SLA. Systems that create records without MPI notification create new identity fragments that accumulate silently. The manual review queue for mid-confidence matches must be worked daily; backlogs mean an accumulating stock of unlinked records. Merge and unmerge events must be propagated back to all source systems. A merge decision made in the MPI that is not reflected in the EHR leaves the EHR operating on the old fragmented view. The clinical informaticist or data governance team that owns MPI operational governance is as critical to data quality outcomes as the MDM platform architecture.