In my recent blog about the Red Flags rule, GreenLeaves commented that biometric checking would help reduce errors by establishing identity and uncovering fraud.
Using biometrics to verify identity seems like a good idea, so I met with Jim Sullivan from BIO-key, a leading provider of biometric solutions.
In
the past, I've been reluctant to adopt biometrics because of the
expense of buying fingerprint or Iris scanners for each of my 8000
client devices.
However, now that many laptops and hospital
ready tablets include embedded fingerprint swipe scanners and that the
price of USB fingerprint scanners has dropped significantly, it is
realistic to consider biometrics.
BIO-key has developed a
next-generation algorithm that reduces the fingerprint to set of
calculated unique identifiers. A person’s fingerprint graphic is not
the credential; their finger is. BIO-key ensures that only a real
finger is being scanned to produce these unique identifiers, making a
stolen fingerprint graphic useless to a potential imposter. It's the
computed values that are stored when the user's finger is scanned at
enrollment, and is later used for comparison with future scans. To me,
it's similar to the way NTLM authentication works – there is no need to
store or exchange the actual password, it's a mathematical hash of the
password that is compared to a stored mathematical hash of the original
password. BIO-key allows you to enroll and identify on most of the
different fingerprint scanners in the market, allowing an open,
heterogeneous fingerprint hardware environment.
There are several interesting ways that biometrics could be used in healthcare:
1.
As an alternative authentication method for clinicians instead of
having to constantly type a username and password. BIO-key provides a web-enabled fingerprint scanning authentication method
that interfaces seamlessly between web applications and an enrollee
database or Active Directory. Every authentication, from connecting
initially to a secure Wi-Fi hub, to authenticating to Active Directory,
to authenticating to web-based or thick client applications, can be
done using a finger scan.2. As a two factor authentication
mechanism for secure remote access to sensitive data – instead of a
token, you carry your finger with you wherever you go. Note that modern
fingerprint scanners include measurement of living tissue, so your
finger cannot be stolen and used as an authenticator.3. As a way to
protect patients from identity theft or mis-identification. The first
time you register for care, you present your passport and your finger
for scanning. On every successive visit, your fingerprint scan is used
to verify your identity, without the need to hand-check the paper
credentials again.
Some people may think that fingerprints are
used to identify criminals and thus be reluctant to use a fingerprint
scanner. As noted above, we're not using the fingerprint itself – this
is not an FBI comparison to a stored library of fingerprints. Instead,
it's comparing the scan of finger to specific computations made on
earlier scans of the finger when the patient first registered.
Hopefully, this will make patients accept scanning as a positive way to
protect their identity instead of a negative "police-like" search of
their past.
If you'd like to try this yourself, just get a USB
fingerprint scanner or use a laptop with a built in fingerprint swipe
reader such as HP, Lenovo, or Dell. Go to http://www.bio-key.com/hitdemo.asp
and follow the instructions to download the web client and test the
fingerprint enabled applications. Note that it only works in Windows at
this time.
A simple way to prevent identity theft and to authenticate web applications using your finger. That's cool!
Categories: Uncategorized
*** NOTE: Reposting due to a glitch that stripped 2 paragraphs ***
Last night, I had a long conversation regarding biometric and computer aided detection technologies with Jim Sullivan from BIO-key.
He read my comment on this blog and then decided to reach out to me to explain how much the biometric technology has progressed and especially with their software product.
Note the term “software product”, since they develop the software that uses finger print scanners and not the scanners themselves. BIO-key replaces the vendor-locked matching software that comes with the scanners with their own image processing and enhancement layer, allowing better accuracy, and interoperability among scanners, as well. They do this with the support and endorsement of the scanner hardware vendors, which says something.
I was impressed by his passion and commitment to his company and its product. I thought he was the founding owner and CEO at first!
Since I have worked extensively with Single Sign-On (SSO) and CCOW projects and have also worked with Computer Aided Detection (CAD) we were able to communicate without any language barrier whatsoever.
They have developed an algorithm that resolves issues that the technology suffered from a few years ago when I was experimenting with it.
CAD has also gone a long way in a couple of years, from almost ludicrous results (5+ ROIs)
to an accuracy (<1 ROI) that turns it into a tool instead of being a gadget anymore.
Their software (BIO-key) runs at a layer above the scanner’s device driver so it can virtually co-exist with other applications that use the fingerprint scanner device. I don't know the exact technical requirements but you can find out more at their website: http://www.bio-key.com/fingerprintbiometrics .
I am convinced that this is not an immature technology anymore. They have really pinned down the issues and resolved the nuisances that any innovating technology encounters.
I can’t wait to get my hands on it when I arrive at the office tomorrow morning to test their software on my HP laptop!
Thanks,
The EHR Guy
Last night, I had a long conversation regarding biometric and computer aided detection technologies with Jim Sullivan from BIO-key.
He read my comment on this blog and then decided to reach out to me to explain how much the biometric technology has progressed and especially with their software product.
Note the term “software product”, since they develop the software that uses finger print scanners and not the scanners themselves. BIO-key replaces the vendor-locked matching software that comes with the scanners with their own image processing and enhancement layer, allowing better accuracy, and interoperability among scanners, as well. They do this with the support and endorsement of the scanner hardware vendors, which says something.
I was impressed by his passion and commitment to his company and its product. I thought he was the founding owner and CEO at first!
Since I have worked extensively with Single Sign-On (SSO) and CCOW projects and have also worked with Computer Aided Detection (CAD) we were able to communicate without any language barrier whatsoever.
They have developed an algorithm that resolves issues that the technology suffered from a few years ago when I was experimenting with it.
CAD has also gone a long way in a couple of years, from almost ludicrous results (5+ ROIs)
to an accuracy (<1 ROI) that turns it into a tool instead of being a gadget anymore.
Their software (BIO-key) runs at a layer above the scanner’s device driver so it can virtually co-exist with other applications that use the fingerprint scanner device. I don't know the exact technical requirements but you can find out more at their website: http://www.bio-key.com/fingerprintbiometrics .
I am convinced that this is not an immature technology anymore. They have really pinned down the issues and resolved the nuisances that any innovating technology encounters.
I can’t wait to get my hands on it when I arrive at the office tomorrow morning to test their software on my HP laptop!
Thanks,
The EHR Guy
This is low grade BS.
John,
Continue being reluctant until the technology matures or be willing to be an early adopter.
If you do implement SSO with biometrics you will lose some friends while the rest might become simply sympathetic.
Many Single Sign-on implementations that use biometric fingerprint readers fail due to a variety of reasons. In northern states during the frigid winters, cold and dry fingers fail to be identified many times thus frustrating your user base. Some may say that you can place a finger-warmer next to each reader to solve this problem.
And believe me that Single Sign-on has a long way to go. Logging in isn’t the only problem since you also have to face the credential management challenges. Your application managers and help desk staff are not going to be relieved as said in the marketing brochures. There are many facets involved in this process.
I don’t know what applications you have in your hospital but if they are based on technologies like Java, Terminal emulators, .NET or other non-Win32 applications your in for a roller-coaster ride.
Despite all these issues Single Sign-on, CCOW, and EMPI are hot technologies this year and I can predict that implementations will grow at a rapid rate. It’s probably the only way many hospitals will be able to create a virtual EHR that can be leveraged for “Meaningful use”, whatever this means, without having to reinvest a fortune in a new product implementation.
But I would stick with SmartCards or similar.
And watch out for the proximity gadgets don’t let them get near! You will create a mutiny!
Anyways, I like to play with new gadgets too. Have you tried the Bamboo? Sigh 🙁 If only the physician’s handwriting was clear enough we’d solve the EHR adoption issue.
The EHR Guy
As a prospective patient, on some gut level, I’m not so excited about having to swipe my finger/fingerprint. For clinicians, I totally get the value. Right now, I’d guess most have to remember a gazillion user & password combos for all the myriad computer application systems. To cope, it’s no wonder their user/pw combos are carried on cheatsheets or stuck to PCs. Fingerprint swiping could replace user/pw combos. An additional challenge would still need to be addressed, and that is, unifying disparate systems to get tied together under a single sign-on design. My two cents. Austin
http://drughealth.blogspot.com/
You IT people are into yourselves and your gismos but these have little or any benefit for patients or doctors. Go do something useful and practical for patients. Ghastly.