Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN).

  • By Michael Fox
  • Apr 16, 2019

Cases of mistaken identity can have devastating consequences in healthcare. A newborn could go home with the wrong parents, or a patient might receive the incorrect medication or diagnosis.

Even minor mistakes can have negative outcomes — a doctor’s office that is slow to produce a patient’s files because of a delayed identification process can erode patient confidence, not to mention create delays in their care. To further complicate matters, currently the Social Security Number remains common as an identifier, even in the face of increased fraud and data breaches.

There’s no reason for patients to remain at such risk with more secure and unique digital methods available. It’s apparent that the healthcare industry — from small clinics to the largest hospital networks — is in need of a better universal identifier.

One such identifier is a perfect fit for a new ID method in healthcare — biometrics. After all, facial scanning and fingerprint IDs already unlock many modern smartphones. And home health tests prove consumers’ increasing comfort sharing their biological data for improved service and convenience. By 2022, it is estimated that 40% of healthcare organizations will use biometric-based identification, and by 2024, the market for technology systems that allow this type of ID will reach $3.5 billion.

But among all the opportunities for biometrics to make identification more accurate, less time consuming and more consistent, healthcare organizations must also realize implementing such a system doesn’t make the underlying data any more secure. Just like a SSN, a thumbprint, an eye scan or even a vein print is merely a method of accurate identification based on previously verified and stored data. And if the underlying systems that store the data — from IT infrastructure to file systems — are not secure, it doesn’t matter how unique the identifier or mechanism for identification might be.

Science fiction and determined hacker groups might have you believe biometric systems are easy to spoof. While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN). In reality, the cost to fake or duplicate something as complex as an iris or fingerprint drives hackers to focus on less secure systems.

Take the news of India’s recent healthcare breaches, for example. In search of a better form of patient identification, the country’s Aadhaar project enrolled biometrics for more than 1.8 billion residents into the system in 2018. Since then, the project has been plagued by reports of insecure data due to poor security standards. In one case, a researcher found more than 40,000 ID card scans on an unsecured third-party database. Bad actors went after unsecured transactions instead of finding utility in biometric data.

None of this is to say healthcare providers shouldn’t look to implement biometric identification. However, in doing so, they should take the opportunity to carefully examine their underlying data security systems and protocols, including:

● Committing to extensive training. Data breaches are often the result of human error. Even in healthcare, where HIPAA and other very strict privacy laws require workers to be particularly careful with data, breaches can easily occur as a result of improper training or neglect. Everyone, from nurses to support staff to seasoned neurosurgeons, should be well versed in phishing and other techniques employed by bad actors.

● Being mindful of third-party data access. Sharing data is vital to ensuring patients receive necessary care. However, healthcare professionals need to be vigilant not just about their own organizations’ data security, but also their third-party partners’. A breach at a lab or satellite facility can still expose organizations to risk.

Ensuring a breach response and recovery plan exists. Organizations should have a concrete plan to respond and recover if a breach does occur, and conduct frequent drills to test that plan. The financial impact and damage to the organization’s reputation can be difficult to recover from if teams are scrambling to respond.

A future where something as unique as a fingerprint or face shape unlocks our entire medical history is exciting. Biometric identification systems have the potential to improve quality of services received by patients through quick and accurate identification, and save healthcare providers cost by reducing caregivers unproductive time and minimizing risk. However, healthcare organizations must first realize their data is only as secure as both the basic systems that house it and the business practices that make the data accessible to authorized users, internally or externally. Biometric identifiers are merely the key to data — healthcare organizations must be careful to keep the locks secure.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • New Report Says Vulnerability Exploitation Boom Threatens Cybersecurity

    Verizon Business recently released the findings of its 17th-annual Data Breach Investigations Report (DBIR), which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022. Read Now

  • In The Clouds

    Video data storage in the cloud was a novel concept when Dean Drako founded Eagle Eye Networks back in 2012. While cloud was being used for almost all other business systems at that time, the physical security industry took a cautious and measured approach to cloud adoption. Read Now

  • Surveillance Cameras Provide Peace of Mind for New Florida Homeowners

    Managing a large estate is never easy. Tack on 2 acres of property and keeping track of the comings and goings of family and visitors becomes nearly impossible. Needless to say, the new owner of a $10 million spec home in Florida was eager for a simple way to monitor and manage his 15,000-square-foot residence, 2,800-square-foot clubhouse and expansive outdoor areas. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3