Babies don’t arrive with mobile phones … yet. Still, many electronic health records (EHRs) dutifully store a “patient phone number” for newborns and carry that fiction forward for years. It seems harmless (and often is) until the 12th birthday rolls around, a portal invitation is sent to that long-standing number, and adolescent confidentiality gets flattened by good intentions.
A recent initiative at Stanford Medicine Children’s Health laid this out uncomfortably clearly and, more importantly, showed what to do about it. The team walked through how seemingly minor data habits snowball into privacy lapses, operational friction, and eroded trust across pediatric care. If your health system believes a six-month-old has a direct phone line, you’ve got some work to do.
The problem we quietly normalized
Somewhere along the way, we taught front desk teams and clinicians that a pediatric “patient phone” field should never be empty. So, we filled it with mom’s number, dad’s number, or whoever picked up first. Then we kept that number in place when the child became a teen, silently converting a convenience into a risk.
At Stanford Children’s, the baseline data were sobering. As of June 2024, 99% of children had a phone number in the patient field, and 95% of adolescents had the same number in both the patient and patient contact field. In practical terms, the record often could not tell whose phone was whose, which meant the clinician couldn’t either. That ambiguity is not a footnote; it’s a daily workflow hazard waiting to misfire.
The downstream effects have been widely observed in real-world clinical settings. Clinical leaders described adolescent portal invitations traveling to a parent’s number, enabling full parental access instead of the appropriate limited proxy role, all because the system assumes “patient phone” actually belongs to the patient.
Caregivers rightly point out a counter risk: parents still need logistics like directions and reminders to avoid no shows, and when they are left in the dark, operations suffer. Experts in data quality and security add that misassigned or recycled numbers also undermine identity verification and multi-factor authentication (MFA), multiplying the blast radius of what started as a data entry shortcut. The through line is painfully clear: when everything is labeled “patient,” the EHR can’t deliver the right information to the right person at the right time.
Why this matters
This isn’t merely about tidy data; it is about safety, confidentiality, and equity. If you cannot reliably identify who you are contacting, you cannot guarantee that sensitive results, time-critical callbacks, or urgent instructions are reaching the intended person. Adolescents deserve a trusted channel to discuss topics that are difficult or unsafe to raise at home, and a portal invite that lands with a parent can undermine both care and credibility.
When contact information isn’t person-specific, proper access dissolves before the visit starts. The irony is that our “be helpful” instinct (e.g., never leave a required field blank) creates the very problems we fear. There is also the blunt operational math. Misrouted reminders mean missed appointments, expensive rescheduling, and frazzled staff dialing the wrong numbers and documenting the wrong conversations.
Clean-up work, such as manual back edits, support tickets, and retraining, steals attention from patients and burns goodwill internally. Security is its own category of pain: when a wrong number anchors identity workflows, MFA becomes performative rather than protective. None of this is necessary if contact data are modeled around people and relationships instead of a single monolithic “patient phone” that tries to be everything for everyone.
What changed, and what you can copy
Stanford Children’s CHIO Natalie Pageler, MD, and her team approached this as a design problem rather than an etiquette reminder, and the design was refreshingly simple: make the EHR age-aware and relationship-specific. For children under 12, the system blocks entry of phone and email in the patient fields outright, forcing caregivers’ information to live where it belongs, under Patient Contacts. For adolescents 12 to 17, teens can have their own phone and email in the patient fields, while parent or guardian information lives in Patient Contacts and must be distinct from the teen’s; duplicate numbers are not allowed.
Across all ages, a Preferred Contact is required, and language plus interpreter needs are captured at the contact level and surfaced where communication actually happens. When the stakes include privacy and safety, hard stops beat hope. The change management matched the build. Go live in June 2024 did not rely on magical back edits; data are corrected at registration, check-in, or admission through a sequence of warnings, checklists, and hard stops that guide staff to do the right thing in the moment.
Front desk teams are nudged to ensure a Preferred Contact exists, that this person has a usable phone or email, that the teen and guardian numbers are not identical, and that any child under 12 does not have a phone or email parked in the patient fields. The early results point in the right direction. The data show a marked decline in inappropriate phone and email entries after the build, and staff confidence trends upward as the encounter-by-encounter clean-up rolls forward.
What comes next
There is a platform story here as well as an implementation story. The team’s EHR vendor requests read like a roadmap for the industry: allow searching by either the patient’s phone or a patient contact's phone; synchronize contacts and proxies so messaging can reach the right caregiver without awkward workarounds; display patient versus preferred contact prominently; and make sure Patient Contact information is available to prescribing networks so pharmacies can reach the adult who actually answers.
These are not moonshots; they are the predictable next steps once you acknowledge that pediatrics involves networks of humans, not solitary “patients” with a single default number. Treat contact data as a relationship graph, not a sticky note, and many downstream errors simply stop happening. Health systems do not need to wait for perfection to get started. In the next month, turn on age-aware rules and hard stops that prevent the most common errors and require a Preferred Contact. In the next few months, audit adolescent portal invitation logic to default to the teen where appropriate and otherwise to the correct proxy.
The takeaway
If your “patient phone” is doing all the work for pediatrics, you’re one birthday away from an avoidable breach of trust. Make contacts relational, age-aware, and language-specific. Let the system stop bad data at the door. And push your vendor for platform-level features that treat families like the real-world networks they are, not a single phone field with delusions of grandeur.
The kids will be alright, and your data will be too, once you stop texting the crib and start designing for real families. The lessons from Stanford Children’s Health are clear: person-specific contact data, age-aware rules, and least privilege access are not just best practices: they are operational necessities. The next time you see a newborn’s chart with a phone number, ask yourself: whose number is it, and what will happen when that baby becomes a teen? If you don’t know, it’s time to fix the build.