Improving hospital facility and information security with biometrics

Greg Sarrail, VP Solutions Business Development, HID Global - Print  | 

It has become increasingly important that a hospital's medical staff work with both the facility and information security teams to gain a much better mutual understanding of today's threats, and how best to combat them, while also coordinating system workflow and security enhancements.

Healthcare institutions are following a similar path to that of most enterprises, which are adopting converged solutions to secure access to everything from the doors to computers, data, applications and cloud-based services.
In addition, biometrics is playing a big role in how hospitals not only protect their facilities, but also register patients, manage visitors, protect patient information privacy, process payments, ensure accurate medicine dispensing, and enhance caregiver workflow. In general, we will see hospitals are replacing dated and vulnerable authentication models with biometric authentication that make it significantly easier to secure the premises, medical services, medicine and supplies while also ensuring that health information may only be accessed by authorized individuals.

Improving the User Experience

The integration of fingerprint sensors by smartphone manufacturers has proven that adoption of biometrics is reliant on improving the user experience. In expanding capabilities to enable payment applications, the industry also has taken a key step toward the long-time goal of killing PINs and passwords. As this alternative model grows in popularity along with the value of the transactions it protects, there will be new pressures to provide even better security.
Sensor advances are delivering better security, privacy, encryption, tamper protection, and anti-spoofing capabilities. The umbrella covering all of these developments is a sharper focus on the user experience, in which security is a guardrail rather than a barrier, with the potential to change everything from how hospitals control access to facilities, information and supplies, how they authenticate users for numerous applications, and even how they design and operate their facilities.

A Growing Range of Biometrics Applications

An ideal application for biometrics in the hospital setting is for enterprise single sign-on (ESSO). While relatively secure ESSO solutions are available, they generally rely on a card, a password or, in the future, a smartphone — any of which can be stolen. Another, more secure and convenient way to access an ESSO system is to use the latest generation of biometrics to enable users to reliably authenticate themselves with the simple touch of a finger and log into multiple applications while providing an irrefutable audit trail.
The same model can be used for ePrescribing (or eRx), which enables physicians to prescribe medication via a computer or mobile device. eRx systems are typically integrated with electronic medical records to help prevent harmful drug interactions, incorrect dosing and drug diversion. Biometrics can provide a secure, quick and hassle-free way to comply with the multi-factor authentication requirements set by the Drug Enforcement Administration (DEA) and other regulatory bodies. For instance, the DEA has imposed requirements for managing the electronic prescription of controlled substances (EPCS) that are made simpler by the use of biometrics. With biometrics, doctors no longer need to reach for a physical credential or one-time password (OTP) to meet compliance requirements or to do their job. A simple "touch and go" approach to workflow in the hospital enabling secure identification at a shared user workstation provides tailored, personalized and secure access to medical patient records. This is an enhancement in both cost efficiency and administrative relief.
Biometrics is also being used for controlling access to medical dispensing cabinets that are used throughout the hospital to efficiently manage medical supplies and medications. With biometric medical dispensing, users can efficiently, securely and conveniently identify themselves and immediately gain access to the needed drugs and medications with a touch of their fingers. This approach is currently deployed in most major US hospitals and used by millions of nurses every day.

In underdeveloped countries, biometrics is making an enormous difference in patient tracking for vaccination monitoring and related applications. Many clinics face the high risk of wasted vaccine associated with unnecessary or duplicate inoculations. This can be solved with biometrics, which in many ways offers a universal language for effective patient tracking, regardless of language differences or literacy considerations. Clinic visits by parents and their children can be tracked to determine the proper vaccination schedule, and the data can be used to determine the necessary inventory required for a particular region. Organizations that have deployed biometrics for vaccination tracking claim fingerprint biometrics improve program participation by as much as 10 percent as parents return to bring other unvaccinated children to be enrolled and tracked.

Another patient-facing application for biometrics is verifying eligibility to receive care. Problems occur when people engage in unauthorized sharing of their healthcare ID cards with friends and family members. How can program administrators be certain that healthcare services are being delivered to the intended recipients? Administrators must be able to know who is receiving these services, and only biometrics can authenticate recipients with certainty.

Until recently, fingerprint biometrics solutions have been difficult to deploy in many healthcare settings, especially in rural clinics, outdoor applications, and even the sometimes harsh environment of the modern hospital. In many instances it was difficult or impossible for some users to enroll on conventional fingerprint sensors. The combination of frequent hand washing and the dry environment typical in hospital settings can result in dry, cracked fingers. In addition, healthcare workers typically have time-critical duties and are susceptible to rushing through a biometric authentication process. These issues led to substandard results when fingerprint sensors were deployed in the real world.

The latest sensor technology solves these issues. As an example, HID Global's Lumidigm® multispectral fingerprint technology allows for the subsurface of a fingerprint to be scanned, in addition to the surface of the skin. The collection of this extra fingerprint information means that dry fingers, dirt, moisture and even aging won't get in the way of an accurate operation. Multispectral sensors are also less sensitive to variable conditions than conventional sensors. Programs like Mexico's Seguro Popular government healthcare initiative rely on multispectral imaging fingerprint biometrics to prevent fraudulent use of their policy, and officials report that the biometric actually facilitates faster access to medical service for authorized patients, while saving costs.

Validating Identity and Preventing "Spoofing"

In any biometric system, correctly validating the identity of those that have enrolled in the system is important. Equally important is preventing false attempts. Some fingerprint identification systems can be circumvented by fake fingerprints that are implemented using a variety of materials and methods, from the inexpensive to the very sophisticated. Also called "spoofs," fake fingerprints are sometimes so thin and colorless that they can even be used, undetected, in access control environments where attendants have been trained to spot them.
The only way to combat the use of spoofs is through liveness detection, which can be done with sensors that are designed to recognize characteristics that only exist with real living human tissue. This approach makes it possible to identify a spoof within a fraction of a second and invalidate the attempted transaction. The latest fingerprint biometric sensors are also capable of "learning" and preventing new spoofs as they are identified, similar to the way an anti-virus software is updated to protect computers. Systems with liveness detection have been proven effective over 2,000 spoofs and 1 million attempts, and against nearly 60 materials and material variations including glues, silicones, gelatins, latex, thin film tapes, photocopies, plastics, Play-Doh, waxes and latent print activation.

Implementing Biometrics

Biometrics is already being incorporated into a wide range of ATMs, medication dispensing solutions, e-gates for border control, point of sale terminals, physical access control readers, time and attendance systems and other platforms. National ID programs, electronic health solutions and welfare distribution programs will likely require an authentication solution that integrates a fingerprint sensor with card-reading technology in a single platform to authenticate both the card and the cardholder. Smartphones are also very likely to be used to securely contain biometric fingerprint information for significantly improved convenience, security, and mobility. Additionally, the management of these systems will likely move to cloud-based systems for secure credential delivery and management.
Healthcare providers will need a wide range of choices to more effectively do their jobs across the full spectrum of security requirements from credential management to identity assurance. Fingerprint biometrics is poised to play a central role in the improvement of patient satisfaction, the protection of private health information, simplified access to the right information at the right time, and improved patient safety.

HID Global is the trusted source for innovative products, services, solutions, and know-how related to the creation, management, and use of secure identities for millions of customers around the world. The company’s served markets include physical and logical access control, including strong authentication and credential management; card printing and personalization; visitor management systems; highly secure government and citizen ID; and identification RFID technologies used in animal ID and industry and logistics applications. For more information, visit

Greg Sarrail is vice president of solutions business development for biometrics solutions at HID Global. He has extensive experience building strategic partnerships and driving sales of authentication solutions to the enterprise. Formerly the director of enterprise sales for HID’s Identity Assurance division throughout the Americas, Sarrail returned to HID with the 2014 acquisition of Lumidigm, a global authentication solutions company renowned for solving biometric performance issues. At Lumidigm, Sarrail developed strategic partnerships throughout the worldwide secure identity ecosystem.  Sarrail was also a founding member of NEC Solutions America’s Identity Management practice where he successfully built and managed the sales and marketing of authentication solutions. Sarrail chairs the healthcare working group at the International Biometrics & Identification Association (IBIA).

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.