By Bob Werber
Keeping your medical information secure is a fast-growing challenge for hospitals and other health care providers. In a world where health records and insurance claims are routinely accessed and shared online by doctors, nurses, insurance claims managers and others, it’s become virtually impossible to shut out hackers from sensitive medical information with passwords alone. A solution that’s gaining wide acceptance is biometrics.
Medical identity theft hasn’t attracted wide public attention, but hackers know it’s a gold mine. They regularly try to break into hospital systems to divert drugs or use someone’s insurance to get care, put in false claims or even buy medical equipment. According to a study by the Ponemon Institute, over 2.3 million Americans were victims of medical identity theft in 2014. The problem will only grow as the volume of sensitive medical data skyrockets with the popularity wearable monitors that capture and transmit information about patient’s conditions and treatments.
Iris, Ear Geometry & More
Biometrics is something most of us have only seen in spy movies. But it’s already being widely used on computers and mobile devices to login and authenticate users through recognition of face, iris or fingerprints, or with even more exotic identifiers like hand geometry, ear geometry, scars or tattoos. An added layer of security is being created with multi-factor authentication, which requires a user to provide a password and use one of the “personal” identifiers above in tandem to login to the system. Software developers have now created biometrics apps that enable login through a phone, tablet or desktop machine, which can be easily downloaded from the app store.
But for highly sensitive data like medical records, an additional layer of biometric security is often added that’s not seen by the end user. An approach called “anonymous biometric storage” places biometric login data in a binary form and stores it in a separate location from the patient’s actual health data. A hacker who obtains the login info only gains binary data – the characteristics of the user’s biometrics but not the actual biometrics – that does not allow login.
Logging In On The Cloud
Cloud-based matching is another approach that effectively takes the login authentication function out of the user’s device and executes it in a far more secure environment in the cloud. This “software as a service” approach also provides the hospital with a ready-made security upgrade that can be far less expensive than a custom-built one. Most solutions currently in the market allow for easy skinning under the customer’s brand, and many require little or no actual programming to implement.
In the healthcare environment, biometrics can improve security in a wide variety of scenarios where hospital personnel or patients access health information through a phone, PC, clinical portal or shared workstation:
- Submitting electronic prescriptions or renewals (e-Rx) for controlled substances.
- Identifying patients as they check in to a hospital or clinic.
- Providing patients with access to their lab results or allowing them to schedule appointments through a patient portal.
- Allowing MDs to access a patient’s vital signs or other health data being collected with a wearable app or other wireless device.
- Enable a physician to securely share patient records with other doctors or staff in the same health system.
Physicians, caregivers and managers have a pressing need to share data in order to improve patient outcomes. This means that sensitive information will only be shared more and more among various stakeholders in the health system. Biometrics offers a way to potentially make this entire process more secure, by replacing passwords with markers that define the individual more clearly.