"Unfortunately, the more complex the system, the greater the room for error," per George Soros. Research published in BMJ Quality & Safety found that hospitalized patients with duplicate medical records were five times more likely to die. That statistic should stop every healthcare leader, policymaker, and technology company in their tracks. Imagine how common it is for EHRs to host duplicative records. Now imagine how often that happens in the digital health world where there is typically even looser interoperability.

A duplicate record is sometimes viewed as a mere clerical inconvenience, yet it could mean the difference between a nurse administering a medication listing in the "other chart" as a life threatening allergy. Having multiple charts for one patient can lead to near misses and complete blunders causing critical medication error, misdiagnoses, duplicative imaging or lab orders, and many other potential critical errors that could lead to an organization's financial and reputational downfall.

Digital health has accelerated many important advances in access and convenience, but it also exposed how fragile patient identity management remains across digital health ecosystems. Weak verification protocols, inconsistent data standards, and rushed implementation create a fertile ground for shadow records to emerge across platforms. In some cases, fraudsters exploit these gaps to obtain prescriptions or create synthetic identities. While that concern is quite serious on its own, i.e. using the wrong information to obtain service, an even more concerning risk sits inside ordinary clinical care.

As clinicians are forced to make decisions using incomplete, duplicated, or inaccurate records, patient safety deteriorates quickly. Think about the physician who prescribes a medication without visibility into another prescription issued through a different virtual platform days earlier. Another care team may treat a patient without access to extremely important medical history data because the information exists under multiple identities spread across disconnected systems. Often, these failures are described as interoperability challenges or fragmented data problems, but it's more complicated than that.

At its core, this is a governance failure. Healthcare built a digital infrastructure where critical patient information is routinely scattered across vendors, portals, applications, and health systems that were never designed to communicate cohesively. Then we layered AI tools, automation, and virtual care workflows on top of that unstable foundation. The result is a growing healthcare ecosystem where incomplete information quietly shapes care decisions every day.

While innovation is cool and provides the opportunity to care for people in ways most could have never imagined 50 years ago, patient safety depends on whether the right information reaches the right clinician at the right moment with enough integrity to support defensible decisions. Without stronger oversight, accountability, and interoperability, we risk creating a future where convenience scales faster than safety. How are your teams proactively decreasing these risks?

When healthcare fails to verify identity, protect data, and maintain oversight, the consequences can become irreparable.

One of the clearest warnings came from Cerebral. In 2022, reporting from The Wall Street Journal revealed that a 17 year old received mental health treatment and antidepressant prescriptions through the platform without his parents’ knowledge or consent, despite Missouri laws requiring parental consent for minors. The case raised serious concerns about age verification, escalation pathways, and the limitations of virtual behavioral health oversight. Reporting later revealed that the platform relied heavily on external identity verification systems without requiring visual confirmation by care teams.

In traditional brick and mortar healthcare settings, patients routinely present identification and insurance cards at check in. Digital health changed that workflow. In many virtual care environments, identity verification became secondary to efficiency, productivity metrics, user growth, and reducing friction during onboarding. The problem is that healthcare is not retail. A streamlined workflow means very little if organizations cannot confidently verify who is receiving care, who is prescribing treatment, or whether critical safeguards are functioning as intended.

The governance failures extended well beyond clinical workflows. In 2024, the Federal Trade Commission finalized action against Cerebral over allegations that the company disclosed sensitive patient data to third parties for advertising purposes. The result was a multimillion dollar settlement and mandated restrictions around data handling and privacy oversight.

Taken together, these failures exposed a broader problem across digital health. Innovation accelerated faster than identity verification, clinical governance, and data stewardship. Patient safety became vulnerable in the gaps.

Most healthcare organizations already have compliance, legal, cybersecurity, and risk management teams in place. The challenge is that many were not originally designed to govern modern digital health ecosystems, virtual care workflows, fragmented data environments, AI enabled clinical tools, or rapidly evolving operational models.

As organizations scale digitally, governance failures become increasingly expensive. Operational disruption, delayed patient care, duplicate records, workflow breakdowns, regulatory exposure, reputational harm, and preventable safety events often often emerge quietly before surfacing in incident reports or audit findings.

A few questions worth considering:

Digital Risk Compliance Solutions helps healthcare organizations identify operational, clinical, and governance gaps before they become larger financial, regulatory, or patient safety liabilities.

If any of these questions surfaced concerns within your organization, feel free to Book a Digital Health Governance Assessment here.