Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN).

  • By Michael Fox
  • Apr 16, 2019

Cases of mistaken identity can have devastating consequences in healthcare. A newborn could go home with the wrong parents, or a patient might receive the incorrect medication or diagnosis.

Even minor mistakes can have negative outcomes — a doctor’s office that is slow to produce a patient’s files because of a delayed identification process can erode patient confidence, not to mention create delays in their care. To further complicate matters, currently the Social Security Number remains common as an identifier, even in the face of increased fraud and data breaches.

There’s no reason for patients to remain at such risk with more secure and unique digital methods available. It’s apparent that the healthcare industry — from small clinics to the largest hospital networks — is in need of a better universal identifier.

One such identifier is a perfect fit for a new ID method in healthcare — biometrics. After all, facial scanning and fingerprint IDs already unlock many modern smartphones. And home health tests prove consumers’ increasing comfort sharing their biological data for improved service and convenience. By 2022, it is estimated that 40% of healthcare organizations will use biometric-based identification, and by 2024, the market for technology systems that allow this type of ID will reach $3.5 billion.

But among all the opportunities for biometrics to make identification more accurate, less time consuming and more consistent, healthcare organizations must also realize implementing such a system doesn’t make the underlying data any more secure. Just like a SSN, a thumbprint, an eye scan or even a vein print is merely a method of accurate identification based on previously verified and stored data. And if the underlying systems that store the data — from IT infrastructure to file systems — are not secure, it doesn’t matter how unique the identifier or mechanism for identification might be.

Science fiction and determined hacker groups might have you believe biometric systems are easy to spoof. While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN). In reality, the cost to fake or duplicate something as complex as an iris or fingerprint drives hackers to focus on less secure systems.

Take the news of India’s recent healthcare breaches, for example. In search of a better form of patient identification, the country’s Aadhaar project enrolled biometrics for more than 1.8 billion residents into the system in 2018. Since then, the project has been plagued by reports of insecure data due to poor security standards. In one case, a researcher found more than 40,000 ID card scans on an unsecured third-party database. Bad actors went after unsecured transactions instead of finding utility in biometric data.

None of this is to say healthcare providers shouldn’t look to implement biometric identification. However, in doing so, they should take the opportunity to carefully examine their underlying data security systems and protocols, including:

● Committing to extensive training. Data breaches are often the result of human error. Even in healthcare, where HIPAA and other very strict privacy laws require workers to be particularly careful with data, breaches can easily occur as a result of improper training or neglect. Everyone, from nurses to support staff to seasoned neurosurgeons, should be well versed in phishing and other techniques employed by bad actors.

● Being mindful of third-party data access. Sharing data is vital to ensuring patients receive necessary care. However, healthcare professionals need to be vigilant not just about their own organizations’ data security, but also their third-party partners’. A breach at a lab or satellite facility can still expose organizations to risk.

Ensuring a breach response and recovery plan exists. Organizations should have a concrete plan to respond and recover if a breach does occur, and conduct frequent drills to test that plan. The financial impact and damage to the organization’s reputation can be difficult to recover from if teams are scrambling to respond.

A future where something as unique as a fingerprint or face shape unlocks our entire medical history is exciting. Biometric identification systems have the potential to improve quality of services received by patients through quick and accurate identification, and save healthcare providers cost by reducing caregivers unproductive time and minimizing risk. However, healthcare organizations must first realize their data is only as secure as both the basic systems that house it and the business practices that make the data accessible to authorized users, internally or externally. Biometric identifiers are merely the key to data — healthcare organizations must be careful to keep the locks secure.

Featured

  • 2025 Gun Violence Statistics Show Signs of Progress

    Omnilert, a national leader in AI-powered safety and emergency communications, has released its 2025 Gun Violence Statistics, along with a new interactive infographic examining national and school-related gun violence trends. In 2025, the U.S. recorded 38,762 gun-violence deaths, highlighting the continued importance of prevention, early detection, and coordinated response. Read Now

  • Big Brand Tire & Service Rolls Out Interface Virtual Perimeter Guard

    Interface Systems, a managed service provider delivering remote video monitoring, commercial security systems, business intelligence, and network services for multi-location enterprises, today announced that Big Brand Tire & Service, one of the nation’s fastest-growing independent tire and automotive service providers, has eliminated costly overnight break-ins and significantly reduced trespassing and vandalism at a high-risk location. The company achieved these results by deploying Interface Virtual Perimeter Guard, an AI-powered perimeter security solution designed to deter incidents before they occur. Read Now

  • The Evolution of ID Card Printing: Customer Challenges and Solutions

    The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now

  • TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

    Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now

  • Brivo, Eagle Eye Networks Merge

    Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now

Most   Popular

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities