Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN).

Cases of mistaken identity can have devastating consequences in healthcare. A newborn could go home with the wrong parents, or a patient might receive the incorrect medication or diagnosis.

Even minor mistakes can have negative outcomes — a doctor’s office that is slow to produce a patient’s files because of a delayed identification process can erode patient confidence, not to mention create delays in their care. To further complicate matters, currently the Social Security Number remains common as an identifier, even in the face of increased fraud and data breaches.

There’s no reason for patients to remain at such risk with more secure and unique digital methods available. It’s apparent that the healthcare industry — from small clinics to the largest hospital networks — is in need of a better universal identifier.

One such identifier is a perfect fit for a new ID method in healthcare — biometrics. After all, facial scanning and fingerprint IDs already unlock many modern smartphones. And home health tests prove consumers’ increasing comfort sharing their biological data for improved service and convenience. By 2022, it is estimated that 40% of healthcare organizations will use biometric-based identification, and by 2024, the market for technology systems that allow this type of ID will reach $3.5 billion.

But among all the opportunities for biometrics to make identification more accurate, less time consuming and more consistent, healthcare organizations must also realize implementing such a system doesn’t make the underlying data any more secure. Just like a SSN, a thumbprint, an eye scan or even a vein print is merely a method of accurate identification based on previously verified and stored data. And if the underlying systems that store the data — from IT infrastructure to file systems — are not secure, it doesn’t matter how unique the identifier or mechanism for identification might be.

Science fiction and determined hacker groups might have you believe biometric systems are easy to spoof. While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN). In reality, the cost to fake or duplicate something as complex as an iris or fingerprint drives hackers to focus on less secure systems.

Take the news of India’s recent healthcare breaches, for example. In search of a better form of patient identification, the country’s Aadhaar project enrolled biometrics for more than 1.8 billion residents into the system in 2018. Since then, the project has been plagued by reports of insecure data due to poor security standards. In one case, a researcher found more than 40,000 ID card scans on an unsecured third-party database. Bad actors went after unsecured transactions instead of finding utility in biometric data.

None of this is to say healthcare providers shouldn’t look to implement biometric identification. However, in doing so, they should take the opportunity to carefully examine their underlying data security systems and protocols, including:

● Committing to extensive training. Data breaches are often the result of human error. Even in healthcare, where HIPAA and other very strict privacy laws require workers to be particularly careful with data, breaches can easily occur as a result of improper training or neglect. Everyone, from nurses to support staff to seasoned neurosurgeons, should be well versed in phishing and other techniques employed by bad actors.

● Being mindful of third-party data access. Sharing data is vital to ensuring patients receive necessary care. However, healthcare professionals need to be vigilant not just about their own organizations’ data security, but also their third-party partners’. A breach at a lab or satellite facility can still expose organizations to risk.

Ensuring a breach response and recovery plan exists. Organizations should have a concrete plan to respond and recover if a breach does occur, and conduct frequent drills to test that plan. The financial impact and damage to the organization’s reputation can be difficult to recover from if teams are scrambling to respond.

A future where something as unique as a fingerprint or face shape unlocks our entire medical history is exciting. Biometric identification systems have the potential to improve quality of services received by patients through quick and accurate identification, and save healthcare providers cost by reducing caregivers unproductive time and minimizing risk. However, healthcare organizations must first realize their data is only as secure as both the basic systems that house it and the business practices that make the data accessible to authorized users, internally or externally. Biometric identifiers are merely the key to data — healthcare organizations must be careful to keep the locks secure.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3