Security and privacy are more important in healthcare than in most any other field. But a security system that wastes doctors’ time, or distracts them with complex procedures, is as bad as none at all. ‘Biometric’ technology may be the answer. Instead of long, cryptic passwords that must be entered over and over, biometric systems rely on quick detection of a user’s unique physical characteristics. Fingerprint scanning, palm scanning, and facial recognition are biometric technologies that help make computing easier and more secure. Just as humans recognize each other by their appearance, biometric security systems can recognize individual computer users. A lot of early work in biometrics and healthcare has targeted large U.S. institutions, such as hospitals and HMOs. But biometric security is also emerging in packaged products and smaller systems that could make life easier for doctors in small clinics or even single-doctor practices.
Fingerprints
The best-known type of biometric security is the fingerprint, which has helped catch criminals for over a hundred years. Recently, fingerprint security has become a near-ubiquitous feature on business-oriented laptop computers.
“We’ve been leveraging that technology in our commercial notebooks for five years or more,” confirms Darren Leroux, product manager, Commercial Notebooks, Hewlett-Packard (Canada) Co.
Prints are scanned with just a quick ‘swipe’ of the finger over a tiny electronic sensor, usually located at the edge of the keyboard. You ‘enroll’ yourself on a new computer by storing a finger image using several practice swipes. After that you can log in by swiping the sensor again. The software finds a match with the saved image and allows entry to the computer.
HP’s software can recognize secure internet sites via the web browser, and allow automatic login as long as your fingerprint has been validated.
Early scanners used visible light, and could be confused by cuts, dirty skin and other random factors. HP’s current notebooks use radio-frequency scanners developed by AuthenTec. These read a sub-layer of the skin, providing a far more reliable image.
For desktop use in an office or clinic setting, mouse-sized fingerprint scanners can be purchased separately. For example, Microsoft has offered both mice and keyboards with fingerprint scanners built-in. There’s a choice of brands of fingerprint scanners on the market, some selling for under $50.
While fingerprint login can improve convenience for users in healthcare, Leroux does caution that other measures, such as encryption of data on the hard drive, can be equally important for complete security. Also, the sensor does require physical contact, and will require frequent cleaning. Studies have shown that the keyboard can be the most germ-infested area of an office.
Palm Scanning
Fujitsu has been selling fingerprint sensors for over five years, but is far more excited about a more advanced biometric technology, which has the potential to be both more reliable and easier to use.
The Fujitsu PalmSecure system uses an infrared sensor the size of an ice cube, without physical contact, to scan the pattern of veins in a person’s palm. Hal Tierney, practice director, Health Industry Solutions, explains that this pattern doesn’t deteriorate over time, and hence provides more reliable identification than the skin surface.
The Fujitsu palm scanner can be used even on an unconscious subject, opening up the possibility of ambulance use. On the other hand, it does require a pulse, making it difficult to fool using a non-living facsimile. Fingerprint sensors are far easier to dupe.
For both doctors and patients, palm scanning offers the immediate advantage of not requiring physical contact. The vein image is likely to offer better reliability than a fingerprint, being at an even deeper level in the body, and less susceptible to change.
PalmSecure has much to offer for both caregiver and patient, but it’s the latter that’s been Fujitsu’s early target. Springfield Clinic, in Springfield, Illinois, has been using the technology (via “a co-developer relationship” with Allscripts), to deploy a system of kiosks at which patients can check-in for a visit, update their personal information, check health records, view their schedule for any upcoming tests or procedures, and even pay using either credit or debit card.
The clinic’s CIO, James Hewitt, reported in May that the palm technology has been a huge success, and a hit with patients. Equipment has been ordered for a full-scale roll-out, ultimately to include forty units. Compared to fingerprint scanning in kiosks, palm scanning is more secure and easier to keep clean, since scanning is accomplished without the palm coming in contact with the scanner.
Fujitsu sees many other applications for palm scanning. For example, the inexpensive sensor, which attaches via USB to any PC, could be used by patients for wireless in-home authentication. “Where the patient goes, this device has the ability to follow,” says Tierney.
In Canada, Fujitsu is positioning itself as more of an integrator than simply a seller of products. “Our intention is to be that service provider of choice,” says Tierney. While there are no PalmSecure systems operating in Canada as yet, he noted that this could change soon, with a likely pilot implementation in Western Canada.
Fujitsu currently has no plans to sell palm scanners as add-ons for computers, especially since manufacturing costs are higher than for USB fingerprint sensors. Given the concerns about security and privacy, the interest in biometric security and the benefits of PalmSecure, such units are likely to become widely available in the future.
Face Recognition
Face recognition is arguably the most advanced form of biometric identification. It’s how humans distinguish each other, after all. But it has also been very difficult for a computer to get right, given the range and variability of human features.
According to George Brostoff, co-founder and CEO of Sensible Vision Inc., the company has been developing its FastAccess face-recognition system with healthcare specifically in mind as an early target market.
FastAccess uses a standard, inexpensive webcam to track from 100 to 1,000 points of facial detail, along with software that can reliably match this information against a stored database of users. With FastAccess, login requires no effort, and, according to Brostoff, typically takes under three seconds.
This approach not only saves effort for the user, it offers some interesting advantages in healthcare.
“One of the big problems is ‘tailgating,’” says Brostoff. Regardless of who enters the password, the computer is now open, and there’s no way of knowing who is using it 30 seconds later. The traditional response has been to require more-frequent password entry. Obviously, this is frustrating for the user.
FastAccess can tell when a user walks away. It immediately locks the system until a legitimate user logs in (by approaching the webcam and being recognized). If two legitimate users swap places at the keyboard, the system can instantly switch to the appropriate account.
If a physician is with a patient but has to turn away for a moment, FastAccess can immediately lock the system, then unlock it again when needed. Add a simple wireless sensor and the system can keep the doctor logged in while the examining room door is closed, lock itself if the door opens.
Beyond ensuring privacy of patient records, the Sensible Vision system can also create an accurate audit trail. “You need to know who updated that record, or who issued that prescription,” says Brostoff. Face recognition can continuously record who’s sitting in front of the computer at any given time.
Brostoff reports that various institutions throughout the U.S. are now using Sensible Vision technology, and the company is “very close to going over one million users.” In Canada, “things continue to move slowly,” but the company has been working with provincial groups.
Total Solutions
With any of these biometric authentication systems, theoretical error rates are very low – on the order of one in a million or even less. However, real-world factors are far more important – starting with details like dirty fingers or a beard that’s been shaved off.
Even more important is how security policies are implemented in an organization. “Most of the systems we work on in healthcare tend to be semi-public,” notes Brostoff. Typically, the terminal would be in a room that’s accessible to various people, including both caregivers and patients.
“Anyone who is in possession of your computer will eventually find a way in,” Brostoff cautions. “If you block the door, they’ll just come in through a window.” The trick, in all cases, is to find the right balance of security and convenience.
It’s possible, for example, to require ‘two-factor’ login at the start of the day, using both a strong (long and complex) password and a biometric technique such as a palm or facial scan. Once the system has been unlocked, a more relaxed protocol, possibly aided by biometrics, may be adequate.
Overall, the newest biometric technologies look like a very promising fit with the needs of healthcare. In fact, Brostoff reports that vendors of medical software are becoming increasingly interested in adding biometrics to their products. “It’s going to just be a feature that’s included with their software,” he predicts.
No comments:
Post a Comment