Biometrics

From Clinfowiki
Revision as of 14:39, 14 October 2011 by Annathehybrid (Talk | contribs)

Jump to: navigation, search

Identity theft has become an increasing trend on these days. many reported incidents of stealing private sensitive data for stealing credit card information or to access confidential sentisive data..

Biometrics has allowed to create a new approach additional to the old-fashioned login-password combination. This approach uses physical or physiological characteristics of the individual to provide access to sensitive data. This can be used as a single-factor authentication or combined authentication with other features, like specialized hardware for tokens and such.

METHODS FOR BIOMETRIC AUTHENTICATION

There are several techniques used ion Biometric Authentication, the

  • Face: for identifying the layout of facial features measuring the distance and angles between each.
  • Fingerprint: the thumb fingerprint is easy to use, each fingerprint is unique among population. uses small devices
  • Handprint: like the facial it measures the distance and angle of different features in your hand. these measures are unique for the individual.
  • Iris or retina: it even more distinctive for individuals, even twins will have different iris patterns. howver, hardware is expensive for this type of identification.
  • Signature: it provides a secure manner because there is no possibility for forgering a signature's pattern. it measures speed and pressure at distinctive points of the signature. maybe two signatures can be the same, but the speed and pressure is different between two people.
  • Voice: voice pattern is recorded between individuals, hoever, it's not too accurate given that a sore throat can modify your voice pattern substantially enough for the system to not recognize it.

While some methods are more accurate than others, some require more expensive hardware to achieve this procedure. other methods take a relatively long time to authenticate, which might not be practical in fast-paced context like an Emergency Room. the most popular currently as of 2010 is the fingerprint authentication

Other uses that are been tested for this technology involves analyzing patterns of behavior based on previously stored data. i.e: a system can identify a tired employee based on the pressure patterns of his signature comparing it with the stored data of it.

Biometrics is the study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.

EMR and Biometrics Integration

Biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for most often used with an electronic medical record (EMR). In healthcare, the most common physical characteristics include eye and facial patterns with behavioral characteristics include signature and voice.

Other examples of physical characteristics include facial patterns and hand measurements, while examples of mostly behavioral characteristics include gait and typing patterns. It can be argued that all biometric traits share physical and behavioral aspects.

Biometric Methods

The consensus is that iris scans are superior for accuracy, followed by fingerprint scans. Hand and facial geometry, voice and dynamic signatures generally rank much lower except for the newer technologies which are designed with healthcare in mind and consider environmental conditions as part of the biometric matching.

Iris Scans

Iris scans are currently the "gold standard" for biometric accuracy. Critics, however, are likely to mention that people get edgy when asked to position their eye near any device. Critics are thinking of retinal scans, which require closer proximity (2-4 inches) to a camera and a quick, concentrated beam of light. Iris scans can be performed from farther away at a distance of up to 3 feet.

Fingerprint Recognition

Fingerprint recognition is becoming even more common as many laptops incorporate fingerprint readers into the standard laptop package. Even the new UMPC is being offered with fingerprint recognition.

Facial Recognition

Facial recognition was first implemented for identifying people of interest in large crowds. The government and casinos were the most common users. Some new facial recognition vendors have focused on the privacy and security necessary to be used in healthcare. Facial recognition's continuous authentication creates a nice framework for ensuring security of clinical workstations. It also paves the way for true single sign on.

A facial biometric company is FastAccess.

Operation and Performance

All of these technologies involve sensitivity trade-offs. Set sensitivity high and scanners will keep out people you want to keep out, but they'll probably also keep out some who should be allowed in. In healthcare this could mean preventing access to a critical patient's record. Set sensitivity low and fewer authorized people will be denied access, but so will fewer unauthorized people. This creates a large HIPAA violation.

These tradeoffs in performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non match or reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percent of invalid users who are incorrectly accepted as genuine users, while the FRR measures the percent of valid users who are rejected as impostors. In real-world biometric systems the FAR and FRR can typically be traded off against each other by changing some parameter.

Benefits and Problems of Biometrics

Benefits of Biometrics:

  • Speed of Login Biometrics is significantly faster than a password login.
  • Unique Identifier for Patients In order to avoid duplicate patients in your system a biometric match with previous patients can be used.
  • Lost Passwords Costs of managing lost passwords is almost completely removed with biometrics.
  • Digital Signatures Biometric authentication can be used to digitally sign electronic documents found in EMR systems. These can range from consent forms to prescriptions to privacy agreements.

Problems with Biometrics:

  • Register Biometric Identity In order to recognize your biometric identity you must register your identity. Some biometric registration is done over time during login, but it still requires storing your biometric data in order to recognize you in the future.
  • Solution or Substance on Your Hands Healthcare clinicians are often coming in contact with various solutions that make biometrics unable to recognize you. Lotion on your hands is one example using fingerprint authentication.
  • Speed of Recognition If you move to quickly you won't be recognized by the biometric scanner. While still faster than a password this causes relative frustration.
  • Remove Gloves Gloves or other equipment may make you unable to use various biometric authentication.
  • Physical Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.
  • Personal Information There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.

Active Directory Integration

Most biometric devices can be integrated with active directory to easily manage users and profiles across multiple workstations. There are two possible methods of active directory integration with biometrics. A very common practice is to extend the schema to include new biometric attributes. After extending the schema this change can never be undone. The other method is to use existing active directory attributes for authentication.

Another new feature of biometrics directed to healthcare is shared/kiosk workstations. Active directory integration is usually necessary to create a shared workstation environment with proper security and prevent time spend logging on and off windows.

According to Robert Seliger, CEO of Andover, Mass. based Sentillion, healthcare uses fingerprint scanning for user authentication more than any other industry.* Healthcare’s abundant use of biometric authentication can be attributed in large part to the HIPAA security rule and the decrease in the cost of implementing biometrics. Additionally, healthcare organizations look to biometrics to decrease overall time spent to repeatedly logon to clinical information systems.

Given healthcare’s appetite for biometrics, it is advisable that informaticians stay informed about emerging biometric technologies as well as understand the pros and cons of the various biometric options. Western Carolina University has made this a little easier by hosting a web site that provides both general and specific information about biometric technologies.

http://et.wcu.edu/aidc/BioWebPages/Biometrics_Home.html[1].

General information about the history, current uses and future possibilities in biometrics are available from the home page as well as information about the technical aspects. These same categories of information along with vendor links are available for individual biometric technologies, for example iris scanning and signature identification. Possibly the most interesting component of the site is the review of emerging biometric technologies. It is here were one can learn that scientists are attempting to use body odor and body salinity as biometric identifiers. If reviewing all these areas of the web site leave questions unanswered, links to additional information are located on the home page.



References

EMR and Biometrics

Wikipedia: Biometrics


BIBLIOGRAPHY

(1) Biometric Devices Enable Secure Authentication [3]

(2)A PRIMER ON BIOMETRIC TECHNOLOGY [www.rand.org/pubs/monograph_reports/MR1237/MR1237.ch2.pdf]