The term "biometrics" refers to measuring human characteristics -- a central task of health care since the invention of the science.
Indeed, industry executives contend that biometrics aren't anything new in health care, noting that X-rays, computerized tomography scans and a host of other medical technologies all represent ways to measure the human body. What is new, however, is the use of biometric authentication in health care. This technology aims to use human traits such as fingerprints and iris patterns to validate identity. Biometric authentication is just beginning to play a role in health care, which some observers find surprising.
"Health care is a strange environment in the sense that on the clinical side of health care we probably have some of the ... world's best technology," said Paul Donfried, chief technology officer at LaserLock Technologies, a security technology vendor. "On the business side of health care, it is almost the opposite. We actually have some of the most antiquated IT systems and IT infrastructure you can find anywhere."
Donfried points to authentication systems as a case in point.
"For the most part, 99% of the technology being used today is still basically user name and password," he said. "You see almost no use of biometric technology for the authentication of patients or hospital staff, which is kind of ironic."
However, broader use of biometric authentication could be coming. Consider the following developments:
- St. Vincent's Medical Center Clay County in Florida -- which opened Oct. 1 -- offers biometric patient check-in via palm scanning.
- A number of blood banks now use fingerprint scanning to identify donors. Those facilities include the Suncoast Communities Blood Bank, which in May received a $26,000 grant to help fund a biometrics-based donor check-in system.
- Apple's fingerprint scanning technology, built in to the new iPhone 5S, could eventually put biometrics in the hands of numerous clinicians. Nearly three-quarters of physicians use smartphones on the job, according to a March Kantar Media Sources & Interactions study.
Biometrics is making inroads in a few health care use cases, such as the authentication of health care workers. Some health care facilities have integrated biometrics into electronic health record systems, authenticating clinical and administrative users who need access to patient records.
Jay Meier -- vice president of corporate development at BIO-key International, a provider of fingerprint biometric identification -- described that authentication scenario as the primary biometric application in health care. He said the company's biometric products integrate with EHRs from vendors including Allscripts and Epic. In August, BIO-key announced that Allscripts certified the company's biometric identity management tool for health care providers using Allscripts Professional EHR. Knox Community Hospital in Mt. Vernon, Ohio, became the first health care facility to incorporate the integrated offering, according to BIO-key.
Eighty percent of BIO-key's business is in the health care space, Meier noted. But he acknowledged that biometrics' overall impact in EHRs is minimal at this point.
"We are just scratching the surface," he said.
Meier said biometrics has been slow to catch on, since health care organizations tend to take the minimum steps necessary to remain in compliance with security regulations.
"People don't buy biometrics and security capabilities because they want to; they buy it because they have to," he said.
Meier suggested the industry's task is to develop an argument that will make health care providers want to invest in biometrics. One possibility: the computers clinicians use automatically time out, forcing users to log on again and again through the day. Biometric authentication, however, can make those repeated log-ons go faster, according to Meier.
Meier said BIO-key studies conducted at the Cleveland Clinic revealed that fingerprint scanners can save doctors as much as 15 seconds per log-on compared with using a password and personal identification number. Meier said that amounts to about four hours per month per user and, in the case of a physician, four hours of billable time.
Fraud Reduction, Other Uses
Biometric authentication is also finding a niche in thwarting medical claims fraud. BioClaim, for instance, uses biometrics to authenticate patients at the point of service. The company's BioClaim software converts a patient's biometric -- a fingerprint or iris scan, for example -- into a computer template. The template is sent along with a patient's health insurance claim to a private or public payer as proof of the patient's physical presence at the provider's office.
Scott Kimmel -- executive vice president and general counsel of BioClaim -- said this biometric approach helps reduce fraud such as phantom billing, in which a provider bills a payer for a nonexistent patient. He said biometrics complement predictive analytics and data mining fraud detection techniques, which look at patterns rather than patients.
Kimmel said BioClaim also addresses health care benefit card swapping and identity theft, since the biometric identifier flags patients who attempt to use someone else's medical card. BioClaim customers include Amerigroup Community Care of Florida. Amerigroup, a subsidiary of WellPoint, will deploy BioClaim software in a pilot project. The pilot will also involve Eye Controls' SafeMatch technology, which employs iris scanning.
BioClaim is pursuing pilots with other health care organizations.
"We hope to expand the pilots with payers, private and public," Kimmel said.
Using biometrics to identify patients also extends to blood banks. Meier said blood banks use BIO-key's technology to enroll donors. Fingerprint templates are stored along with personal information such as name, address and phone number when new donors enroll at a facility. On subsequent visits, a fingerprint scan lets the blood bank pull up the donor's blood type and donation history.
Biometric technology also targets physical access control.
Vic Berger -- principal technologist at Affigent, an IT solutions provider -- said a couple of hospitals are evaluating facial recognition systems in entrance areas as a security measure. Facial recognition could help hospitals prevent known gang members from following an associate or rival seeking treatment at the hospital, he noted.
Industry executives believe the regulatory environment will increase the use of biometrics in health care and other industries. Berger cited the National Institute of Standards and Technology's recently published Federal Information Processing Standard (FIPS) 201-2, which applies to federal employee and contractor authentication.
FIPS 201-2, which emerged in September, requires multi-factor authentication, which will almost certainly involve a level of biometric access, according to Berger.
"I think you are going to see an ... increasing use of biometric technologies that probably will sweep well beyond the health care industry," Berger said.