Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN).

Cases of mistaken identity can have devastating consequences in healthcare. A newborn could go home with the wrong parents, or a patient might receive the incorrect medication or diagnosis.

Even minor mistakes can have negative outcomes — a doctor’s office that is slow to produce a patient’s files because of a delayed identification process can erode patient confidence, not to mention create delays in their care. To further complicate matters, currently the Social Security Number remains common as an identifier, even in the face of increased fraud and data breaches.

There’s no reason for patients to remain at such risk with more secure and unique digital methods available. It’s apparent that the healthcare industry — from small clinics to the largest hospital networks — is in need of a better universal identifier.

One such identifier is a perfect fit for a new ID method in healthcare — biometrics. After all, facial scanning and fingerprint IDs already unlock many modern smartphones. And home health tests prove consumers’ increasing comfort sharing their biological data for improved service and convenience. By 2022, it is estimated that 40% of healthcare organizations will use biometric-based identification, and by 2024, the market for technology systems that allow this type of ID will reach $3.5 billion.

But among all the opportunities for biometrics to make identification more accurate, less time consuming and more consistent, healthcare organizations must also realize implementing such a system doesn’t make the underlying data any more secure. Just like a SSN, a thumbprint, an eye scan or even a vein print is merely a method of accurate identification based on previously verified and stored data. And if the underlying systems that store the data — from IT infrastructure to file systems — are not secure, it doesn’t matter how unique the identifier or mechanism for identification might be.

Science fiction and determined hacker groups might have you believe biometric systems are easy to spoof. While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN). In reality, the cost to fake or duplicate something as complex as an iris or fingerprint drives hackers to focus on less secure systems.

Take the news of India’s recent healthcare breaches, for example. In search of a better form of patient identification, the country’s Aadhaar project enrolled biometrics for more than 1.8 billion residents into the system in 2018. Since then, the project has been plagued by reports of insecure data due to poor security standards. In one case, a researcher found more than 40,000 ID card scans on an unsecured third-party database. Bad actors went after unsecured transactions instead of finding utility in biometric data.

None of this is to say healthcare providers shouldn’t look to implement biometric identification. However, in doing so, they should take the opportunity to carefully examine their underlying data security systems and protocols, including:

● Committing to extensive training. Data breaches are often the result of human error. Even in healthcare, where HIPAA and other very strict privacy laws require workers to be particularly careful with data, breaches can easily occur as a result of improper training or neglect. Everyone, from nurses to support staff to seasoned neurosurgeons, should be well versed in phishing and other techniques employed by bad actors.

● Being mindful of third-party data access. Sharing data is vital to ensuring patients receive necessary care. However, healthcare professionals need to be vigilant not just about their own organizations’ data security, but also their third-party partners’. A breach at a lab or satellite facility can still expose organizations to risk.

Ensuring a breach response and recovery plan exists. Organizations should have a concrete plan to respond and recover if a breach does occur, and conduct frequent drills to test that plan. The financial impact and damage to the organization’s reputation can be difficult to recover from if teams are scrambling to respond.

A future where something as unique as a fingerprint or face shape unlocks our entire medical history is exciting. Biometric identification systems have the potential to improve quality of services received by patients through quick and accurate identification, and save healthcare providers cost by reducing caregivers unproductive time and minimizing risk. However, healthcare organizations must first realize their data is only as secure as both the basic systems that house it and the business practices that make the data accessible to authorized users, internally or externally. Biometric identifiers are merely the key to data — healthcare organizations must be careful to keep the locks secure.


  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity


New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3