Three ways biometrics can impact health IT security

Brendan FitzGerald

HIMSS Analytics has released its 2016 Essentials Brief: Security Study - Biometrics, which provides a high level view of how healthcare organizations are approaching the use of biometric solutions for security purposes across their organization.  Essential Briefs are market research studies focused on identifying salient topics in the healthcare IT space that highlight mind share, market share and market opportunity of specific healthcare software technologies.

As healthcare organizations and providers have moved from the old paper standard to the new electronic world, it has come with some challenges and dangers never before encountered.  With the surge in IT adoption it has seemed that data security was somewhat of an afterthought.  Now organizations are scrambling to protect their data, their organization, and most importantly their patient population.  Biometric solutions, technologies that provide ‘something you are’ for identification (i.e.: fingerprints, hand geometry, retina or iris scans) versus something you know (i.e.: password) or something you have (i.e.: smart card), are beginning to pick up momentum across the healthcare space.  Primarily used for medication dispensing and employee identification, there are additional technologies that can be leveraged to better secure access to patient records and data sources.  While fingerprint authentication leads the way in terms of most widely adopted biometric solution application, the following are three areas where biometrics could have an impact and see growth in the future.

Two-factor (multi-factor) identification

In this scenario, users are required to submit multiple incidences of authentication to gain access to applications and secure data.  While this is occurring on some level across the healthcare market, there is an opportunity for biometrics to play a role.  Gaining access with something you are (biometric) in combination with something you know (password) or something you have (key card) could help make endpoints more secure in the future.

Enterprise single sign on (ESSO)

Having one password or one set of access credentials may seem dangerous from a security standpoint, however there are benefits with allowing single-sign on across the enterprise and there could be extended benefits incorporating biometrics.  The single sign on reduces the amount of password fatigue for end users and improves workflow.  From an IT management perspective, ESSO enables easier monitoring of outside website access and password management.  Incorporating biometrics into ESSO could help increase the level of security and administration for healthcare organizations.

Patient identification

Using biometrics for patient identification typically involves palm print recognition or vascular palm/vein pattern authentication.  Although not widely used across the market, biometrics for use in patient identification could have a number of benefits, including fraud reduction and fewer duplicate patient records.


Get a free Security Essentials Brief Snapshot Report