Security and adoption of online health record access

25% of Patients Did Not Access Data Over Patient Privacy Concerns (Health IT Security)

“Using National Cancer Institute survey data, the study found that 52 percent of US citizens were offered access to an online medical record by a healthcare provider or insurer in 2017, up from 42 percent in 2014. Of those who were offered access, 53 percent viewed their records at least once in the past year.

However, of the individuals offered access to online medical record, one-quarter did not access that information because of privacy/security concerns.”

So, is it fair to imply that up to 25% more patients would access their online health record if they were more confident in the security of their access to it?

Trusted identity management across the entire enterprise

NIST report, experts say security of IoT, mobile devices must be addressed (Biometric Update)

“Physical, sensing, actuating, computing and other security access control systems — including the spectrum of biometric usage such as biometric access and security systems; door, parking facilities, elevators, communication facilities, and rooms; occupant interface dashboards; and universal control and monitoring systems — are among the issues discussed in the recently released National Institute of Standards and Technology’s (NIST) Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT), prepared by the Interagency International Cybersecurity Standardization Working Group.”

Securlinx CEO Barry Hodge noted this morning:

IdentiTrac is the Securlinx flagship identity assurance platform that supports all of our ID management applications and integrates with users’ existing data infrastructure.

The source NIST draft report is available here:
Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT) (NIST.gov)

Market forecast: Biometrics in Healthcare 2018 – 2025

Healthcare Biometrics Market Size, Share & Trends Analysis Report (Grand View Research)

“The global healthcare biometrics market size was valued at USD 2.1 billion in 2016 and is expected to witness a CAGR of 24.2% over the forecast period. The major driving parameters attributing to the growth of this market are rising healthcare IT application combined with increasing awareness and demand for cyber security and biometric development catering to the healthcare facilities.”

Visa: Goodbye, passwords. Hello, biometrics.

Consumers ready to switch from passwords to biometrics, Visa finds (The Paypers)

“Consumers are ready to leave the password behind and adopt biometrics, according to the results from a survey commissioned by Visa.”

The full pdf info-graphic from Visa is available here.

The study of 1,000 U.S. adult consumers who use at least one credit card, debit card, and/or mobile pay account covers a range of topics on biometrics including:

  • Top benefits
  • Top concerns
  • Trusted entities

And more!

Securlinx at 2018 IAHSS Annual Conference: Chicago, April 15-17

Craig Workinger, Executive Vice President and General Manager of Securlinx, said: “Healthcare institutions at every level are facing significant security challenges and a dizzying array of technologies and partners that often solve one problem only to create new ones. We take a different approach – a system that works with both the customer’s current infrastructure and new applications. We are pleased to be attending IAHSS conference this year and are looking forward to demonstrating our capabilities and the benefits we offer healthcare organizations.”

Read our entire press release here.

Technology and the future of work

An interesting, if speculative, look into the future of work for government employees:

How the government will operate in 2030 (The Hill)

“Imagine it is 2030 and you are a U.S. government employee working from home. With the assistance of the latest technology, you participate in video calls with clients and colleagues, augment your job activities through artificial intelligence and a personal digital assistant, work through collaboration software, and regularly get rated on a one-to-five scale by clients regarding your helpfulness, follow-through, and task completion.”

But it’s not just the government sector. The convergence of cloud, AI, and biometric identity assurance among other emerging technologies like the blockchain will change the way individuals interact with large organizations throughout the economy.

The persistence of passwords

Biometrics has growing, but not sole, role in authentification security (Information Management)

“Many IT professionals aren’t convinced biometrics can serve as a secure and reliable replacement for the standard username and password combo,” said Peter Tsai, senior technology analyst at Spiceworks. “Unless technology vendors can address the security issues and privacy concerns associated with biometrics, the technology will likely be used side-by-side in the workplace with traditional passwords or as a secondary authentication factor for the foreseeable future.”

It looks like this 2013 post and the paper that informed it are holding up quite well.

In the paper, A Research Agenda Acknowledging the Persistence of Passwords, Cormac Herley and Paul C. van Oorschot write:

“Passwords, though unloved, deserve some words of praise. They have brought us this far: they are the means by which two billion Internet users access email, banking, social networking and other services. They are essentially free from the service provider viewpoint, and are readily understood by users. They allow instantaneous account setup. Revocation is as simple as changing the password. Those who forget their passwords can be emailed either reset links or the passwords themselves (this practice, though insecure, is common for low-value sites). All of this is automated and instantaneous. They allow access to one’s accounts from anywhere in the world assuming nothing more than a simple browser. Sophisticated users can protect themselves from many of the threats. “

All this is still true. Biometrics, however, can also be used as a way to return the password to the simplicity of the PIN. For example: a fingerprint scan associated with a weak password such as a 4 digit PIN provides far stronger authentication than any password a human could be expected to type. In other words, biometrics can be combined with rudimentary passwords to bring an end to the “password arms race” where the main coping strategy has been longer, more complex and more frequently changing passwords — i.e. the real reasons people tire of the humble workhorse of the ID game. So instead of replacing the password, biometrics might one day be used as a way to salvage what makes it great while minimizing the frustrations associated with over-reliance upon it.

 

All posts

Eric Schmidt at HiMSS and comments from Craig Workinger

A final update from Craig at the HiMSS…

Eric Schmidt, the former executive chairman of Alphabet, delivered a bold vision of the future of health care and technology at HiMMS, urging participants to go immediately to the cloud.

The cloud, he notes, can take in—and provide security for—the large amounts of data being generated from the growing number of new mobile apps and sensors, then integrate and structure this data into an information flow to support the clinician sitting in front of a patient. Through an earbud or mobile phone, the clinician can access potentially life-saving guidance.

But Eric’s comments underscore the big challenge facing the next generation of EHR (Electronic Health Records). EHR has a growing, vast flow of potentially valuable data from broad array of devices and apps. What’s lacking is the means to store it and validate its sources.

Identity authentication across platforms and devices is thus crucial to the next generation of EHR. To be usable, all that data must be tied unequivocally to the individual in front of the clinician. In turn, that means having an integrated, holistic approach to managing identity across all the platforms, apps and sensors.

Data, technology, and culture

More from our Craig Workinger at HiMSS…

 

We are attending the HiMSS annual meeting this week and wanted to share a few observations. It’s a terrific event, and a reminder of how important personal contacts are in an age when we’re on our screens constantly.

Nearly every conversation here includes the issue of how to get data out of isolated, proprietary systems so it can be used more effectively. If data can be collected from many sources, then AI and machine learning tools can be applied to it, looking at both text and images to create a predictive system for clinicians. That offers a real opportunity to improve patient care.

This also seems to be driving talk of partnerships, another hot topic at the conference. People recognize there are lots of technologies trying to solve healthcare’s problems but they approach it in an isolated way. So they are trying to figure out how to make data actionable and link it to what others have. The idea of partnerships is a departure for big industry players who’ve mostly taken a go-it-alone approach in the past.

Interoperability is also getting a lot of buzz at HiMSS. Most people focus on its technological aspect but that’s only half the challenge. The other is culture.

From a technology perspective, there are lots of vendors battling for market share and holding on to data as part of their competitive strategy. But that’s running up against consumer behavior. People today get their health care from a variety of places – hospitals, outpatient centers, specialized clinics, even their home – and they are increasingly shopping around. Inevitably, they wind up in separate health systems, and none of them speak to each other. So the challenge is to get the data up a level so that it’s accessible to their doctor no matter where they go.

There are technologies that can do that, and more. But change is slow, and that’s where culture comes in. Many healthcare organizations are reluctant to change. Some still use fax machines and paper records. They want to be more efficient but are slow to embrace the technology that can help them get there. Of course, adoption has been the challenge for every technology innovation, from PCs to cell phones. Healthcare tech is no different.

Surprises at HiMSS

As promised, here’s Craig Workinger from HiMSS…

 

Craig Workinger

I’ve been attending HiMSS for more than 15 years (do I get an award for that?), and every year I see a few things that surprise me. That’s what keeps it interesting.

One surprise is the number of vendors who claim to have a patient identity solution when what they actually do is patient identity for one specific application, like labs or payments. They don’t provide that identity outside of their system. There’s almost no one addressing the need for a universal identity repository – a database that would handle identity authentication for multiple applications. (That’s what Securlinx offers, and that’s why we are excited about the opportunities we are seeing to help healthcare organizations.)

The other surprise is the absence of the insurance industry. The major insurers are a huge part of healthcare, involved in everything from procedures and protocols to reimbursements and record-keeping. And they see how much money is lost every year from errors and fraud. Yet hey don’t have a presence here and don’t seem to collaborate with other organizations much right now. That will change, though. Collaborating to reduce costs and improve care would be a natural focus for them, not to mention a great marketing message. Insurers are a key component in all this.

Securlinx at HiMSS

Photo: Craig Workinger via Twitter

Securlinx has a presence at the Healthcare Information and Management Systems Society (HiMSS) Conference currently underway in Las Vegas.

Our own Craig Workinger (LinkedIn, Twitter) and Securlinx Healthcare Advisory Board member Tom Karson, MD (LinkedIn) have found time to report some of their observations and insights from the conference. I will share what they have to say here as their reports come in.

Biometrics for better Healthcare Records Management

How biometrics is giving identities to ‘invisible citizens’ (CNN)

“Biometrics as a technology has completely changed our way of thinking,” Mwaura told CNN. He says Simprints is giving citizens without identities hope and access to a better-synced healthcare system.

“Without it, they’d probably stay at home and accept their fate.”

Once someone is successfully enrolled they can easily visit a doctor — who can then access their entire medical history digitally.

 

 

Google’s popular art selfie tech not accessible in Illinois [and Texas] (Illinois News Network)

“The company hasn’t said why residents of the two states can’t use it. One thing both have in common is laws allowing lawsuits for not protecting biometric information. A key difference, however, is any Illinoisan can file a lawsuit, whereas Texas’ attorney general would have to initiate one there. Washington state has a law similar to Texas but users there reportedly are able to access the function.”

For fingerprints at least, familiarity breeds contentment

Visa Survey Results Suggest Familiarity is Key to Enthusiasm for Biometric Authentication (Mobile ID World)

“Conducted by AYTM Market Research, the study polled a thousand Canadian adults toward the end of last autumn. Fifty-seven percent of respondents said they were most familiar with fingerprint recognition, and a quarter said they use it regularly. Sixty-nine percent expressed interest in fingerprint-based authentication, and 61 percent reported being interested in using the technology for payments.”

Someone sold passwords to India’s ID database

Aadhaar ‘breach’: Everything you need to know (Hindustan Times)

“The crux of the matter, as reported by Tribune newspaper and corroborated by BuzzFeed News, is that there exists a portal on the Aadhaar website which gives anyone who has the login credentials access to the Aadhaar database. UIDAI says the portal is intended for government officials for addressing grievances such as rectifying spelling mistakes in a person’s name.
But somewhere in the chain, according to media reports, rogue agents have started to sell access to this portal to just anyone.”

It looks like a government employee was selling username/password(s) to access the government database at a fairly low level. It should be pretty easy to figure out who abused their position.

Amazon files mobile face recognition patent for payments

Amazon will soon accept mobile payments using selfies instead of passwords (Silicon Republic)

Amazon has filed a patent application for technology that will allow users to authenticate a payment using a photo or video in a seamless way that doesn’t necessarily require passwords.

“The user is identified using image information which is processed utilising facial recognition. The device verifies that the image information corresponds to a living human using one or more human-verification processes,” the patent reads.

Amazon files mobile face recognition patent for payments

Amazon will soon accept mobile payments using selfies instead of passwords (Silicon Republic)

Amazon has filed a patent application for technology that will allow users to authenticate a payment using a photo or video in a seamless way that doesn’t necessarily require passwords.

“The user is identified using image information which is processed utilising facial recognition. The device verifies that the image information corresponds to a living human using one or more human-verification processes,” the patent reads.

“Holy Bat-phone, Batman!”

NEC develops biometrics technology that uses sound to distinguish individually unique ear cavity shape (NEC)

The new technology instantaneously measures (within approximately one second) acoustic characteristics determined by the shape of the ear, which is unique for each person, using an earphone with a built-in microphone to collect earphone-generated sounds as they resonate within ear cavities. This unique method for extracting features is useful for distinguishing individuals based on acoustic characteristics and enables rapid and highly accurate recognition (greater than 99% accuracy).