MPI and Patient Identity

Master Patient Index and Identity

The master patient index (MPI) is the system that links each patient to their medical record number(s), encounters, demographics, and other identity data. When it spans multiple facilities or systems, it is an enterprise master patient index (EMPI). CCA Domain 3 includes retrieving patient information from the MPI, but the skill is not merely finding a name — it is locating the correct patient and encounter so the right documentation supports the right codes, claim, quality data, and disclosure decisions.

Identity Elements Used for Matching

MPI data may include name and aliases, date of birth, sex, address, phone, Social Security number (where collected), MRN, enterprise identifier, encounter numbers, facility, and links to prior names or merged records. Matching should use multiple identifiers — never one detail alone. Best-practice patient identification typically relies on at least two identifiers (for example, name plus date of birth) before accessing or acting on a record.

Three Identity Error Types

An overlay is the most dangerous because clinical data — allergies, medications, lab results — crosses between two real patients, and disclosing it can breach the wrong person's privacy. A duplicate is more of a completeness and reimbursement problem; an overlap is an integration gap. The distinctions are not academic: an overlay can cause a clinician to act on the wrong patient's allergy or result, which is why overlays are treated as patient-safety incidents and not merely data cleanup.

Duplicates quietly fragment a patient's longitudinal history, so a prior surgery or chronic condition sitting under the second medical record number never surfaces during the current encounter, weakening both care and coding. Overlaps appear most often after mergers or when a patient is seen across affiliated facilities that have not yet linked their identifiers, leaving a true but incomplete record on each side.

Matching logic is what holds the index together, and the exam may probe why single-identifier matching fails. Names are shared, misspelled, hyphenated, or changed after marriage; dates of birth collide constantly in large populations; and addresses and phone numbers change. Robust matching therefore weighs several attributes together — name, date of birth, sex, and often an enterprise identifier — and flags probable matches for human review rather than auto-merging.

This is why a coder who notices something off should never "fix" identity in the moment: an apparent duplicate may actually be two different people who share a birthday and a common name, and an unauthorized merge would create a far worse overlay. The safe move is always to surface the suspicion to the identity-management team that owns the matching rules and the audit trail.

Worked Scenario

A coder opens Patient B's chart and finds a lab result clearly belonging to Patient A. This is a probable overlay (misfiled documentation). The coder must not use that result to support a code, must not copy it into both charts to "preserve access," and must not keep coding from the suspect record. The correct action is to stop and report the issue through the HIM identity-management/MPI process.

CCA Response Pattern

When an item describes a suspected MPI problem, the safe answer is: stop relying on the questionable record and escalate through HIM identity management. The coder does not merge records, delete data, or continue coding unless policy authorizes the next step. Resolving duplicates and overlays is governed by data-integrity policy and audit trails so that nothing is lost.

Why Identity Errors Reach the Coder

The coder is often the first downstream user to notice an identity error because coding requires reading the whole encounter closely. A diagnosis that contradicts the patient's documented sex, a surgical history that cannot belong to the stated age, an allergy list that flips between two notes, or a result addressed to a different name are all red flags. Recognizing the pattern matters more than diagnosing the exact error type, because the response is the same: stop, do not code from the suspect data, and escalate.

Coding from a duplicate can split a patient's history so that prior conditions are missed and the case mix is understated; coding from an overlay can attach one patient's diagnoses, procedures, and present-on-admission status to a completely different person's claim, which is both a billing error and a reportable privacy breach.

Identity as a Data-Quality Function

Identity integrity is preventive, not just corrective. Standardized naming conventions, demographic validation at registration, mandatory two-identifier verification before access, and routine duplicate-rate monitoring all reduce errors before they reach the coder. A facility that tracks its duplicate rate treats identity as an ongoing information-governance metric rather than a one-time cleanup, and many organizations run periodic MPI clean-up projects with strict audit trails so that no clinical data is lost when records are merged or unmerged.

For the exam, remember the hierarchy of action: verify identity with at least two identifiers before doing anything, suspect an error when the clinical picture is internally inconsistent, refuse to reuse or duplicate questionable data, and route every suspected duplicate, overlay, or overlap to the HIM identity-management process rather than fixing it informally. That sequence protects patient safety, coding accuracy, claim integrity, and privacy at the same time, which is exactly why MPI questions are weighted as high-risk scenarios.