There are three main applications for biometrics security in healthcare: data protection, patient identification and healthcare provider identification and authorisation.

“Confidential data is usually stored in a filing cabinet or in a computer where people access it using credentials such as ID cards, passwords or personal identification numbers (PINs),” says Anil Jain, Department of Computer Science and Engineering, Michigan State University, US. “But these particular credential-based systems are not very secure.”

Security issues lie in a number of areas, for example: physical IDs can be lost; someone logging into a system can be distracted, walks away and in the interim another person starts using the system; people often write their password or PIN on a note and leave it where it can be easily read by others. Reasons like these mean that a better security mechanism is required, which is why Jain believes biometrics is proving popular.

Identity and digitisation

Patient identity has been supported in the US by the 1996 Health Insurance Portability and Accountability Act (HIPAA), which aims to protect patient records. Identifying a patient reduces the risk of mistaken procedures and enhances the process of billing healthcare insurers. In its Security Rule’s Administrative Safeguard section, HIPAA also stipulates that digital medical images should be backed up as part of disaster planning and risk control.

However, Jain points out that patient identity is not closely associated with digitisation of medical records other than images. This is a vast and expensive undertaking, which in the US is proceeding fitfully, usually in small medical centres. When digitising records, a range of different standards are typically used, which makes the portability of data to different geographies problematic. With the exception of defence-related hospitals (see Opportunities for imaging manufacturers, right), biometrics is not yet part of the access authentication for such digital records.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Hospital Management.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“As more medical records become digitised, the ability of people to snoop is increased,” explains Jain. “This is where biometrics is so useful. If a biometric system is used, you cannot deny you have looked at a record, because every time somebody opens a filing cabinet or logs into a system using their fingerprint, face image or any other kind of biometric security, a record is made of that person.”

This unique capability also places restrictions on who accesses patient records. “You could have multiple passwords for different patients, but the problem is that people rarely remember multiple passwords,” says Jain. “This is a serious issue in terms of cost, because every time someone forgets a password they have to contact the system help desk to reset the password. The issuing and ongoing maintenance, including regular changing, of passwords is onerous for hospital IT system administrators.

Another potential problem is that a digital image can be easily manipulated compared with a physical X-ray of a patient. So, how can a tampered image be detected?

“One way to ensure that doctoring does not take place is to use digital watermarking,” says Jain. “It is now common in some applications to insert either a visible or invisible watermark in a digital image. The latter is preferable for digital images because you do not want to affect the quality of the image. But if any changes are made, they will be easy to spot because the image itself will reveal that someone has sought to manipulate it.”

Biometrics can also be used to authorise particular people so they can outline an area of interest on a digital scan. This also ensures that the mark-up is not moved, which could be disastrous.

Multi-modal alternatives

Biometrics-based security embraces the recognition of fingerprints, iris, voice, face and even typing style. These multi-modal biometrics perform authentication based on multiple biometric traits. While they enhance the level of security, they also add to the complexity and cost of any system.

Having to collect and use a range of biometric data and then assign different levels of access to different users may seem daunting, but Jain points to the growing use of multi-modal biometrics in other areas. For example, the ubiquitous mobile phone is being secured using multiple biometric traits.

“Most people now have mobile phones with cameras and sensors that detect speech, so they already have two modalities,” he explains. “It’s easy to insert a fingerprint sensor in a mobile – many phones sold in South East Asia already have them and it does not cost much to add it to the phone. There is a lot of sensitive personal information on a mobile. Research is being carried out to see if the camera on a mobile can be modified so that it can also capture the iris image. So there are four different sensors embedded in a mobile phone that can be used together to give better authentication.”

It is not simply a case of better authentication: each biometric can be used selectively. A camera rarely works well in low light conditions, and voice recognition can be impeded if the user is on a train or in a busy street. If it is very cold, people may not want to take off a glove to give a fingerprint. But the wider distribution of biometric authentication will, Jain believes, accustomise people to its use, while lowering the cost of the technology.

Jain posits a system of “hard” and “soft” biometric authentication for continuous user authentication. “Hard biometrics might mean that you log in using a fingerprint or an iris scan,” he says. “Meanwhile, a soft biometric could come in the form of a camera placed on top of a computer screen that takes a picture of the user at regular intervals and ensures that they are the same person who sat down at the computer the first time.”

There is also a way to check keyboard typing. Different people have slightly different ways of typing. It is not a unique identifier but once a person is authenticated using, say, a fingerprint, it can keep track of the fact that the same person is using the computer.

Internal dangers

Jain believes that everyone using a security system, including biometrics, should bear in mind that there is no such thing as total security. One of the greatest risks, he says, can arise from the people who operate the IT system. Personnel can alter biometric data and disrupt or exploit password-based systems. Stored fingerprints can be changed and authorisation levels manipulated.

One attempt to combat such internal attacks is the encryption of biometric authentication data. “But the flaw lies in that there is always a key associated with encryption,” says Jain.

“Therefore, you must protect the key so that you avoid decrypting the data. Encryption is only as good as the security of the key. A lot of research is being carried out as to how you can protect biometric data stored in the system, similar to the way in which passwords are protected.”

Long-term practicality

Investing in biometric security is not a one-time cost: systems need to be maintained and staff need to be trained in how to use it. There also has to be some exception processing, for example, when a particular doctor cannot be recognised on a particular system due to noisy biometric data.

“A biometric system, like any other recognition system, is not perfect,” says Jain. “It will make a mistake every once in a while.” Jain concludes that the successful application of biometric authentication will ultimately depend on the level of effort and investment a hospital is prepared to put in to security. It may take a major scandal involving breached patient record security or pressure from medical insurance companies to get the take-up of biometrics underway. However, he believes that in the long term this type of identification will eventually be adopted.

“As people become more accustomed to this sort of authentication in other areas of life,” he says, “its application will become less onerous and the systems will meanwhile get more accurate, robust and easier to use.”

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights. 

Sign up