There are three main applications for biometrics security in healthcare: data protection, patient identification and healthcare provider identification and authorisation.
"Confidential data is usually stored in a filing cabinet or in a computer where people access it using credentials such as ID cards, passwords or personal identification numbers (PINs)," says Anil Jain, Department of Computer Science and Engineering, Michigan State University, US. "But these particular credential-based systems are not very secure."
Security issues lie in a number of areas, for example: physical IDs can be lost; someone logging into a system can be distracted, walks away and in the interim another person starts using the system; people often write their password or PIN on a note and leave it where it can be easily read by others. Reasons like these mean that a better security mechanism is required, which is why Jain believes biometrics is proving popular.
Identity and digitisation
Patient identity has been supported in the US by the 1996 Health Insurance Portability and Accountability Act (HIPAA), which aims to protect patient records. Identifying a patient reduces the risk of mistaken procedures and enhances the process of billing healthcare insurers. In its Security Rule's Administrative Safeguard section, HIPAA also stipulates that digital medical images should be backed up as part of disaster planning and risk control.
However, Jain points out that patient identity is not closely associated with digitisation of medical records other than images. This is a vast and expensive undertaking, which in the US is proceeding fitfully, usually in small medical centres. When digitising records, a range of different standards are typically used, which makes the portability of data to different geographies problematic. With the exception of defence-related hospitals (see Opportunities for imaging manufacturers, right), biometrics is not yet part of the access authentication for such digital records.
"As more medical records become digitised, the ability of people to snoop is increased," explains Jain. "This is where biometrics is so useful. If a biometric system is used, you cannot deny you have looked at a record, because every time somebody opens a filing cabinet or logs into a system using their fingerprint, face image or any other kind of biometric security, a record is made of that person."
This unique capability also places restrictions on who accesses patient records. "You could have multiple passwords for different patients, but the problem is that people rarely remember multiple passwords," says Jain. "This is a serious issue in terms of cost, because every time someone forgets a password they have to contact the system help desk to reset the password. The issuing and ongoing maintenance, including regular changing, of passwords is onerous for hospital IT system administrators.
Another potential problem is that a digital image can be easily manipulated compared with a physical X-ray of a patient. So, how can a tampered image be detected?
"One way to ensure that doctoring does not take place is to use digital watermarking," says Jain. "It is now common in some applications to insert either a visible or invisible watermark in a digital image. The latter is preferable for digital images because you do not want to affect the quality of the image. But if any changes are made, they will be easy to spot because the image itself will reveal that someone has sought to manipulate it."
Biometrics can also be used to authorise particular people so they can outline an area of interest on a digital scan. This also ensures that the mark-up is not moved, which could be disastrous.
Biometrics-based security embraces the recognition of fingerprints, iris, voice, face and even typing style. These multi-modal biometrics perform authentication based on multiple biometric traits. While they enhance the level of security, they also add to the complexity and cost of any system.
Having to collect and use a range of biometric data and then assign different levels of access to different users may seem daunting, but Jain points to the growing use of multi-modal biometrics in other areas. For example, the ubiquitous mobile phone is being secured using multiple biometric traits.
"Most people now have mobile phones with cameras and sensors that detect speech, so they already have two modalities," he explains. "It's easy to insert a fingerprint sensor in a mobile – many phones sold in South East Asia already have them and it does not cost much to add it to the phone. There is a lot of sensitive personal information on a mobile. Research is being carried out to see if the camera on a mobile can be modified so that it can also capture the iris image. So there are four different sensors embedded in a mobile phone that can be used together to give better authentication."
It is not simply a case of better authentication: each biometric can be used selectively. A camera rarely works well in low light conditions, and voice recognition can be impeded if the user is on a train or in a busy street. If it is very cold, people may not want to take off a glove to give a fingerprint. But the wider distribution of biometric authentication will, Jain believes, accustomise people to its use, while lowering the cost of the technology.
Jain posits a system of "hard" and "soft" biometric authentication for continuous user authentication. "Hard biometrics might mean that you log in using a fingerprint or an iris scan," he says. "Meanwhile, a soft biometric could come in the form of a camera placed on top of a computer screen that takes a picture of the user at regular intervals and ensures that they are the same person who sat down at the computer the first time."
There is also a way to check keyboard typing. Different people have slightly different ways of typing. It is not a unique identifier but once a person is authenticated using, say, a fingerprint, it can keep track of the fact that the same person is using the computer.
Jain believes that everyone using a security system, including biometrics, should bear in mind that there is no such thing as total security. One of the greatest risks, he says, can arise from the people who operate the IT system. Personnel can alter biometric data and disrupt or exploit password-based systems. Stored fingerprints can be changed and authorisation levels manipulated.
One attempt to combat such internal attacks is the encryption of biometric authentication data. "But the flaw lies in that there is always a key associated with encryption," says Jain.
"Therefore, you must protect the key so that you avoid decrypting the data. Encryption is only as good as the security of the key. A lot of research is being carried out as to how you can protect biometric data stored in the system, similar to the way in which passwords are protected."
Investing in biometric security is not a one-time cost: systems need to be maintained and staff need to be trained in how to use it. There also has to be some exception processing, for example, when a particular doctor cannot be recognised on a particular system due to noisy biometric data.
"A biometric system, like any other recognition system, is not perfect," says Jain. "It will make a mistake every once in a while." Jain concludes that the successful application of biometric authentication will ultimately depend on the level of effort and investment a hospital is prepared to put in to security. It may take a major scandal involving breached patient record security or pressure from medical insurance companies to get the take-up of biometrics underway. However, he believes that in the long term this type of identification will eventually be adopted.
"As people become more accustomed to this sort of authentication in other areas of life," he says, "its application will become less onerous and the systems will meanwhile get more accurate, robust and easier to use."