Are biometric security systems ideal for EHR programs?

/in /by

Electronic health record system security is often called into question. Securing health information is more than just encrypting data. To have a truly safe technology environment, an organization's staff members must be properly trained and passwords must be complex. However, there might be an easier way to ensure that information is secure. One company, BIO-key International, recently announced that it will be introducing biometric EHR access to additional eye care centers across the U.S., which will bring its total number of health care provider customers to 57.

A Ponemon Institute report found that the health care industry has the highest costs associated with data breaches. Health care providers face fees as high as $233 per EHR. Despite the Health Insurance Portability and Accountability Act and U.S. Centers for Medicare and Medicaid Services' meaningful use requirements, many hospitals cannot mitigate the risks associated with storing large amounts of detailed patient information.

The same Ponemon Institute report discovered that, worldwide, 35 percent of data breaches were caused by human error of some kind. This is the second most common reason for losing information behind malicious or criminal attacks, which are responsible 37 percent of the time. End users commonly make mistakes leaving EHR programs open or accidentally sharing data with the wrong co-worker or colleague, but malicious attacks can also come from hackers simply discovering passwords and logging in.

Too many simple passwords
Mark Burnett, author of the book "Perfect Passwords," found that 91 percent of survey respondents have a password in the list of the top 1,000 and 40 percent of them are in the top 100. For someone with a little free time, it would be simple to run through the most used passwords in an attempt to enter a secure EHR system. Furthermore, only 0.18 percent of users have a password that is not in the list of the top 10,000. Even more troubling is that the U.S. Department of Health and Human Services' Office for Civil Rights recommended using passwords or PIN numbers. If a PIN number consisted of only four digits, it would take an attacker 10,000 tries.

The answer is biometric security
Here is where biometric access becomes useful: Not only is it easier and faster for a physician to scan his or her fingerprint, but it is also more secure. Additionally, using voice recognition or retina scanning can provide security for EHR systems. Passwords no longer have to be sufficiently long enough to prevent intrusion, but doctors and nurses will spend less time typing and remembering, which can reduce stress, meet HIPAA-compliance requirements and generate more revenue by allowing physicians to see more patients in less time.

Consumer devices, such as the iPhone 5s and Galaxy S5, already have fingerprint scanners that allow users to unlock their smartphones. Intelligent Environments surveyed U.K. residents and found that 79 percent are ready to stop using passwords and only use a biometric system. Furthermore, 53 percent of respondents would use a fingerprint for digital banking. As more people become accustomed to using biometric security, it can be expected to become a larger focus of future EHR technology.