Put Your Finger on the Right Solution.
In the healthcare industry--and in other business sectors--security is the watchword of the decade. As millions of e-business and e-commerce dollars are transacted daily via the Internet, executives are deeply concerned with, and involved in, determining who has access to what and for what purpose--and are just as determined to build audit trails for every electronic transaction.
The Health Insurance Portability and Accountability Act (HIPAA) is doing its part for the security boom too, enhancing the growing business of biometric solutions for healthcare. HIPAA is not terribly demanding in its new security rules. It requires that a security plan be in place, but leaves much of the specifics to the institution. However, it does require that the non-biometrics, such as passwords, be changed twice a year to prevent loss or theft, and that's no small task for a medical center with thousands of employees.
"With cards and passwords having much worse faults from a security perspective, such as being lost, stolen, counterfeited or forgotten," says Favio Righi, "more stringent measures along these lines can pose, rather than remove, additional barriers to security."
Righi's company, Digital Persona, Redwood City, CA, focuses on fingerprint recognition, which dates back more than 25 years as the first of biometric approaches, and which is one of the least expensive and intrusive of methods.
The U.are.U [TM] Pro biometric security technology determines your identity based on who you are (your fingerprint) instead of what you know (a password). "Each fingerprint is unique and cannot be stolen. It is individual and personal, and ensures to the digital world that you are you," Righi says. "Objectively speaking, fingerprint patterns are as likely to be repeated as snowflakes."
Fingerprint recognition is also cost-effective. Changing an employee's password can cost several hundred dollars in lost time and administrative expenses, Righi says.
Not every biometric solution fits every security problem, and some companies, such as Keyware Solutions of Woburn, MA, promote a layered approach using card and code systems with biometric technologies.
When Danny Chu, managing director of Keyware, works with a new customer, he first audits the hospital's security requirements. "Our model fits what we call an enterprise security model. From the time you gain physical access into the healthcare campus with a smart card or a biometric," you need to identify your goals in terms of a biometric solution, Chu says. The key question is: How does the solution or modality fit with what a hospital is doing in security for the overall enterprise?
Need for Redundancy
In its simplest definition, biometrics is the automatic recognition of a person using distinguishing characteristics--such as facial features, fingerprint and hand size, and voice recognition.
Each modality has its advantages and limitations. Low light or a surgeon wearing a facemask reduces the effectiveness of facial recognition. Iris scanning, while accurate and intuitive, can be uncomfortable for the person who must get close to the scanner.
Hand geometry measures the height of the fingers, distance between the joints and the shape of the knuckles, but is less accurate than other approaches and little used in healthcare. A noisy emergency room environment makes voice verification less useful.
Fingerprint patterns are widely used and reliable, with few disadvantages. Signature recognition, less broadly used and not as accurate, measures one's manner of writing--stroke order, speed and pressure on the pen.
"The most secure system is a system with no users--and that is not going to happen," Chu says. "The security comes in how many roadblocks you put in front of intruders and how extensive the roadblocks are for intruders to get over them. Biometrics is another roadblock for any intruder."
The ubiquitous use of a biometric in the workflow will be a determining factor in its acceptability in healthcare--easily accessed or used by the doctor or nurse who must be more concerned about the patient than recalling passwords or using a smart card.
Chu suggests that biometric solutions should "be more like the old plug-and-play concept that Microsoft and IBM would try to drive home." If one peripheral doesn't work, swap it and plug in something else--changing with the business or the environment or the particular hospital need.
All too often in technology, he adds, the business would rather replace a system than put in a base solution that could grow or be enhanced over a period of time. By contrast, biometrics is the perfect field for complementing and enhancing a security system using a variety of methods as conditions or needs change.
Some final advice from Chu: Begin with a small prototype such as a laboratory system or physical access. This way, the institution can achieve buy-in before deploying a biometric product hospital or campus-wide.
"Selling a biometric product does not necessarily mean a company understands the complexities of integration," Chu says. Make sure the vendor understands the problem, check its success stories and review its implementation experience.
For More Information ...
The Biometrics Management Office, established in 2000 by the U.S. Army CIO, was created to serve as the center of gravity over a full spectrum of biometric systems and technologies for the military user. The public area of the site lists many resources and references in biometrics including the Biometric Consortium. www.army.mil/biometrics
Biometric Reports. The SMI Group has published a report by Bill Perry titled "Biometrics: An Essential Guide to Biometric Systems." The report covers: 1) opportunities, applications and strategies; 2) issues facing the biometric industry; 3) organizations; 4) testing standards; and 5) regulatory issues. Logon to www.smipublishing.co.uk, click on Pharmaceuticals, then SMI Management Reports: Biometrics.
What is the Best Biometric?
There is no ideal biometric technology for every application, says the International Biometric Group (IBG), one of the trade organizations covering the field. The IBG applies the following set of criteria to each biometric modality, and a "Zephyr Analysis" can be viewed for the modalities on their site at www.biometricgroup.com.
User Criteria--Aspects that relate to the user of the system.
1. Effort--How much time and effort is required on the part of the user?
2. Intrusiveness--How intrusive does the user perceive the system to be?
Technology Criteria--Aspects that relate to the technology.
1. Cost--Cost of the hardware capture device.
2. Accuracy--How well the system identifies individuals.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Technology Information|
|Author:||Keener, Ronald E.|
|Publication:||Health Management Technology|
|Date:||Dec 1, 2000|
|Previous Article:||One, Two, Three ... Authenticate Me.|
|Next Article:||Positive Identification.|