Saturday, February 20, 2016

Week 10 Biometric Access Control in the Healthcare Delivery System



In this blog, I’ll be examining some biometric access control measures or strategies put in place in the Healthcare Delivery System to monitor or mitigate Electronic Protected Health Information (e-PHI) compromise. Biometric access control comprises the measures put in place to regulate the admission of entities into trusted areas of the e-PHI. In other words, it is the process of authentication that evaluates something inherent in the user – something you are, you have, you know, or you produce (Whitman, M. E., & Mattord, H. J., 2014). It involves four processes: identification, authentication, authorization and accountability. In the healthcare delivery system, biometric technology is being used to accurately identify patients, with a combination of different biometric access control mechanisms authenticating patients’ credentials from any touchpoint (mobile) device across the care continuum and from portals and mHealth apps. The essence is to provide identity platforms that deter medical identity theft and healthcare fraud. It is also to help prevent duplicate medical records, keep health information up to date and complete, ensure high levels of data integrity to optimize health deliverables, and increase patient safety, with the ultimate purpose of ensuring access security and safeguarding personal health information or e-PHI. Patients experience a high level of customer satisfaction and trust. For example, RightPatient delivers photo biometrics described as accurate, “selfie”-based, non-contact and hygienic, with a high degree of acceptance, together with an affordable, small-form-factor, easy-to-use fingerprint system that matches 100 million prints/sec (see Fig. 1.0, rightpatient.com), to more than 900 sites that process over 36 million annual patient visits (rightpatient.com).


Fig. 1.0a Photo Biometrics (RightPatient.com)  Fig. 1.0b Fingerprint (RightPatient.com)

Specific to protecting the information stored in Electronic Health Records (EHRs), the HIPAA Security Rule requires that health care providers set up physical, administrative, and technical safeguards to protect electronic health information. Some safety measures that may be built into EHR systems include:

  • ‘Biometric’ access controls like passwords and PIN numbers, to help limit access to e-PHI;

  • ‘Biometric’ access control in the form of encrypting stored information. This means health information cannot be read or understood except by someone who can “decrypt” it, using a special “key” made available only to authorized individuals;

  • An audit trail, which records who accessed your information, what changes were made and when.

In certain circumstances, if your e-PHI data is seen by someone who should not see it, federal law requires doctors, hospitals, and other health care providers to notify you of a breach of your health information. This requirement helps patients know if something has gone wrong with the protection of their information and helps keep providers accountable” (Rodriguez, Leon. Healthit.gov). It also helps entities whose e-PHI has been compromised to act fast so as to reduce the impact of the incident.
The University of North Carolina is considered a hybrid with covered health care components (Student Health Services, Counselling Center, Disability Services, and Department of Athletics) that are involved in the creation/receipt/maintenance/transmission of e-PHI and engage in HIPAA electronic transactions. It implemented biometric access control by segregating and protecting access to e-PHI from the general University server, maintaining e-PHI on servers and/or drives separate from the network, and making it accessible only to authorized individuals at appropriately authorized locations and through appropriately authorized methods (biometric access controls), such as approved and individualized or controlled passwords, encryption, tokens in conjunction with a PIN, and automatic shutdowns or timeout re-authentication after 15 minutes.
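The Python example below is added here as an illustration and is not code from the university policy or from any vendor named in this post. It combines two of the safeguards described above: an audit trail that records who accessed a record, what was done and when, and re-authentication after 15 minutes. The names `EphiGate` and `verify_trail`, the hash-chained log, treating the 15 minutes as idle time, and the `authenticate` stand-in for a biometric or token-plus-PIN check are all assumptions made for the example.

```python
import hashlib
import json

IDLE_LIMIT = 15 * 60  # seconds: the 15-minute re-authentication timeout


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class EphiGate:
    """Hypothetical gate in front of e-PHI: idle timeout plus audit trail."""

    def __init__(self, authorized):
        self.authorized = set(authorized)  # user ids allowed to reach e-PHI
        self.last_seen = {}                # user -> time of last allowed activity
        self.trail = []                    # audit entries, each chained to the previous

    def _log(self, now, who, action, record, outcome):
        # Record who did what and when; "prev" links entries so edits are detectable.
        prev = self.trail[-1]["hash"] if self.trail else "0" * 64
        entry = {"when": now, "who": who, "action": action,
                 "record": record, "outcome": outcome, "prev": prev}
        entry["hash"] = _digest(entry)
        self.trail.append(entry)
        return outcome

    def authenticate(self, who, now):
        # Stand-in for the real biometric or token+PIN verification (assumption).
        if who not in self.authorized:
            return self._log(now, who, "login", None, "denied")
        self.last_seen[who] = now
        return self._log(now, who, "login", None, "ok")

    def access(self, who, action, record, now):
        last = self.last_seen.get(who)
        if last is None:
            return self._log(now, who, action, record, "denied")
        if now - last > IDLE_LIMIT:
            del self.last_seen[who]  # session ends; user must authenticate again
            return self._log(now, who, action, record, "reauth_required")
        self.last_seen[who] = now
        return self._log(now, who, action, record, "ok")


def verify_trail(trail):
    """Return True only if every entry is unaltered and linked to its predecessor."""
    prev = "0" * 64
    for entry in trail:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or entry["hash"] != _digest(body):
            return False
        prev = entry["hash"]
    return True
```

Timestamps are passed in as seconds so the timeout can be exercised without waiting; denied and timed-out attempts are logged as well as successful ones, so the trail also shows who tried to reach a record.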
In another development, on February 7, 2016, in Florida, a bill requiring biometrics for patient identity verification raised concerns (Fig. 1.1).
    Fig. 1.1 Biometrics for patient identity verification (Mayhew Stephen, biometricupdate.com).
Mayhew Stephen, writing from Florida, said “a Florida House Bill 1299, sponsored by Rep. Dane Eagle, has a provision that would require Florida hospitals to install software that allows them to use biometrics and the state driver’s license database to verify Medicaid patients’ identification, according to a report by the St. Augustine Record. Medicaid is a social health care program for families and individuals with low income and limited resources. When the bill came up for a vote last month in the House Children, Families and Seniors Subcommittee, Rep. Amanda Murphy proposed an amendment that would have struck the requirement that hospitals use biometrics to confirm the identity of Medicaid patients and questioned why a simple barcode scan of a person’s identification card wasn’t acceptable. The amendment did not pass.

The Florida Hospital Association and the Safety Net Hospital Alliance of Florida have also expressed concerns, saying that hospitals already use a variety of systems to confirm patient identity and requiring software that ties into the state driver’s license database was too restrictive.

University of Florida Health Jacksonville has an “elective admission” policy that allows patients to keep a copy of their photo identification in their medical records, but current government regulations prevent hospitals from making patients show photo ID to be treated in the emergency room. “We have looked into biometric identification but there are several challenges, among them the cost and government regulations,” said UF Health spokesman Daniel Leveton (biometricupdate.com).

Further, “according to the report, bill sponsor Eagle doesn’t know how much it will cost hospitals to implement the technology, if the state will help pay for this service and he doesn’t have information about how much stolen identities cost the $25 billion Medicaid program. The House bill needs to be approved by two more committees before it is ready for a floor vote” (biometricupdate.com).

Wearable technology in the healthcare delivery system

Biometric access control is evolving to include wearable technology. “Researchers at the new Automotive Wearables Experience laboratory located at the Ford Research and Innovation Center are exploring ways to connect crucial health information to in-vehicle technologies including sponsoring a challenge that encourages employees to submit app concepts that integrate vehicles and wearable devices” (biometricupdate.com).

Research vendors forecast growth of biometrics access control

BCC Research analyst Srinivasa Rajaram, author of Biometrics: Technologies and Global Markets, examines the global and regional markets for biometric technologies and devices and forecasts that the global market for biometric technologies will grow at a 2.7% CAGR between 2015 and 2020. The mobile biometrics market will grow to $34.6B by 2020, predicts an Acuity Market Intelligence report (Justin Lee, biometricupdate.com).

In another development, Suprema launched the BioSign fingerprint authentication solution for smartphones. With the continued migration to mobile healthcare delivery services, for example, consultation and prescription refill, this device promises to enhance patients’ service delivery experience and ensure greater e-PHI security.
    Fig 1.2 BioSign Fingerprint Solution (biometricupdate.com).
“Biometrics security solutions firm Suprema announced the launch of BioSign, a fingerprint authentication solution for smartphones that is designed to support small sensors. Suprema will showcase BioSign at the upcoming Mobile World Congress in Barcelona later this month. The company says BioSign is the mobile optimized iteration of world’s best fingerprint algorithm based on Suprema’s 15 years of expertise in fingerprint technology and offers the lowest FAR (false acceptance rate) in the market. The BioSign solution supports the world’s smallest used fingerprint sensor size of 16mm² (4x4mm) and is able to support sensors that are 2/3 the size of the smallest sensor that is currently in use, allowing for a reduction in manufacturing costs and a smaller form factor. ‘Evolution of mobile technology has transformed the way we interact with the world,’ said Dr. Brian Song, Vice President of Suprema. ‘Furthermore, the inclusion of biometrics technology into smartphones has brought a real change to the level of security and convenience on the devices by using what we know to who we are. The latest market trend of growing demand for mid-range smartphones has significantly increased the needs for reduction in costs without sacrifice to performance or features. BioSign’s capability to work with smaller sensors will help with cost reduction efforts, and its small form factor offers versatile application options to other areas such as wearables, IoT and smartcards.’” (biometricupdate.com). Wearable biometric access controls are becoming popular in the e-PHI protection mechanism.

Samsung has filed a patent application for a new contactless (non-touch) method for fingerprint reader technology. According to Justin Lee (2015-02-6), users position their fingertip in front of a mobile device’s camera. The device then takes an image of the fingertip and searches for a positive match with a valid fingerprint image that is stored in the phone’s memory. The technology is able to automatically alter the camera’s focus until it secures a high-quality capture of the fingerprint image. The system also features an on-screen guide that helps users accurately line up the fingertip with the camera. This contactless method is more accurate and potentially faster than full-contact fingerprint readers, and it accounts for external factors that can affect accuracy, such as the dryness of a user’s hand or motion distortions in the fingerprint pattern. This new non-touch method is useful in the healthcare delivery system for biometric authentication of users’ e-PHI and medical practitioners’ access to e-PHI.

In conclusion, in implementing the HIPAA Security Rule, which requires that health care providers set up physical, administrative, and technical safeguards to protect electronic health information, healthcare organizations and government health departments and agencies have adopted the biometric access control mechanisms that best suit their business/occupational needs, with regard to e-PHI security and patients’ privacy requirements. This position is supported in a Biometrics and Healthcare report by Biometrics Research Group, Inc. King, O’Neil Rawlson, the lead researcher, “examines how biometric technology is applied to the health care industry, mainly in the United States. The report observed that ‘health care biometrics’ is utilized for access control, identification, workforce management or patient record storage. Biometrics in health care often takes two forms: providing access control ‘measures’ to resources and patient identification solutions. The growing demand for biometrics solutions is mainly driven by the need to combat fraud, along with the imperative to improve patient privacy along with health care safety. Biometrics are also increasingly being used for medical monitoring and mobile health care” (King, O’Neil, Rawlson, scribd.com).
References

Whitman, M. E., & Mattord, H. J. (2014). Management of Information Security. 4th ed. Boston: Cengage Learning.

The RightPatient biometric patient identification platform is used by health systems representing more than 900 sites that process over 36 million annual patient visits. Retrieved (2016-20-2) from http://www.rightpatient.com/

University of North Carolina. University Policy 311.6, regulation on Security of Electronic Individually Identifiable Health Care Information under HIPAA (2005-30-5). Retrieved (2016-18-2) from http://legal.uncc.edu/policies/up-311.6

Rodriguez, Leon. Privacy, Security, and Electronic Health Records. (2011-12-12).

Mayhew, Stephen. Florida bill requiring biometrics for patient identity verification raises

Lee, Justin. Mobile biometrics market to grow to $34.6B by 2020: Acuity Market

Mayhew, Stephen. Suprema Launches BioSign fingerprint authentication solution for smartphones. (2016-16-2). Retrieved (2016-18-2) from

King, O’Neil, Rawlson. Biometrics and Health. Biometrics Research Group, Inc. (2015). Retrieved (2016-20-2) from http://www.scribd.com/doc/255979360/Biometrics-in-Healthcare#scribd
