Biometrics For Patient Identification: Obstacles And Opportunities (Health IT Outcomes)

Daniel Cidon, Chief Technology Officer of NextGate, has a really well-sourced piece up at Health IT Outcomes. Using data from recent studies by ECRI, Gartner, and Pew, his perspective on healthcare ID management and biometrics is well worth a read.

A sample…

“Research at the ECRI Institute paints a grim picture of how deeply troubling and harmful patient identification errors can be. In examining 7,613 cases of wrong-patient errors at 181 organizations, incidents included an individual in cardiac arrest that was not resuscitated because the care team mistakenly obeyed the wrong patient’s do-not-resuscitate order and an infant given milk from the wrong mother who was infected with hepatitis.

ECRI found 13 percent of identification errors occurred at registration, when, for example, duplicate records were created, or two patients’ records were “overlaid,” a term that describes when information from one patient is used to replace another’s.

These issues are driving health IT executives to pursue use of biometrics technology at registration to add another layer of protection of patient identity integrity.”

Eric Schmidt at HiMSS and comments from Craig Workinger

A final update from Craig at the HiMSS…

Eric Schmidt, the former executive chairman of Alphabet, delivered a bold vision of the future of health care and technology at HiMMS, urging participants to go immediately to the cloud.

The cloud, he notes, can take in—and provide security for—the large amounts of data being generated from the growing number of new mobile apps and sensors, then integrate and structure this data into an information flow to support the clinician sitting in front of a patient. Through an earbud or mobile phone, the clinician can access potentially life-saving guidance.

But Eric’s comments underscore the big challenge facing the next generation of EHR (Electronic Health Records). EHR has a growing, vast flow of potentially valuable data from broad array of devices and apps. What’s lacking is the means to store it and validate its sources.

Identity authentication across platforms and devices is thus crucial to the next generation of EHR. To be usable, all that data must be tied unequivocally to the individual in front of the clinician. In turn, that means having an integrated, holistic approach to managing identity across all the platforms, apps and sensors.

ID management in the cloud

Biometric Cloud-Based Offers Attractive Deployment (Engadget)

Cloud-based biometric technology offers attractive deployment possibilities, such as smart spaces, ambient intelligence environments, access control applications, mobile application, and alike. While traditional (locally deployed) technology has been around for some time now, cloud-based biometric recognition technology is relatively new. There are, however, a number of existing solutions already on the market…

IBIA objects to TSA’s planned identity management protocols for PreCheck

IBIA questions TSA plan on PreCheck expansion (Planet Biometrics)

The International Biometrics and Identification Association (IBIA) has objected to plans by the Transportation Security Administration (TSA) to exclusively use just biographic data solutions in an expansion of the PreCheck travel screening program.

There’s an interesting quote in the piece that compares what the TSA is proposing to the fraud prevention techniques commonly used by credit card companies.

That alone should give pause. For credit card companies, fraud is an actuarial problem. Credit card companies earn 3-4% on every transaction plus interest fees for carried balances. There’s plenty of room for both fraud and profit in that model.

The TSA’s job is different, and perhaps their fraud prevention techniques should be, too.

“Get me some biometrics, stat!”

How biometrics could improve health security (Fortune)

For the last two years, the health industry suffered the highest number of hackings of any sector. Last year, it accounted for 43% of all data breaches, according to the Identity Theft Resource Center. To help prevent these costly issues, medical companies have begun adopting an array of biometrics security systems that use data from a patient’s fingerprint, iris, veins, or face.

There really isn’t an identity management challenge that health care doesn’t have.

Biometrics for secure medical records access

NSTIC pilot uses biometrics to bring identity management to seniors (Fierce Government IT)

Members of AARP, a nonprofit group that serves adults 50 years or older, are testing technology to help them better manage their digital identities in a simple, but more secure way using biometrics. It’s just one of 15 federally funded pilots that was recently highlighted by the National Institute of Standards and Technology.

Biometric visitor exit monitoring back in the news

SIA forms ‘Airport Entry and Exit Working Group’ with SIBA (Security Info Watch)

The Security Industry Association (SIA) and Secure Identity & Biometrics Association (SIBA) on Tuesday announced the formation of the Airport Entry and Exit Working Group and release of its Identity and Biometric Entry and Exit Solutions Framework for Airports.

A biometric entry and exit monitoring system has been required under U.S. law for a long time now. Maybe the time is right to give it a real try.

Large customers need biometrics to be more convenient

Fingerprints still too unreliable for banks (MIS – Asia)

Still, organisations across multiple sectors are exploring the use of several types of biometric technologies. The Australian Passport Office last November issued a tender for new biometrics technologies.

The organisation has been using facial recognition for its passport production process since 2005.

In 2012, ANZ Bank said it was exploring using fingerprint recognition technology to replace traditional PIN codes.

Parker said there an interesting discussion under way now about how secure a transaction has to be and how much organisations and consumers are you willing to pay for a certain level of security.

“If you’re protecting the front door or the control panel of a nuclear arsenal, you probably want to spend a lot of money on security to make sure it’s top grade and nobody can get through it.

It looks like people are starting to come to grips with the “compared to what?” and “perfect vs. good” arguments we’ve been making here for a while now.

We’d also suggest a revised headline for the article linked above: “Fingerprints not Convenient Enough for Large Customers.” We’d agree with that one.

As it stands now, biometrics algorithm developers and large system vendors aren’t really finding much success at supporting customers for whom ID management isn’t their primary business. And nearly all organizations for whom ID management is their primary business are government entities. This goes some distance toward explaining why the private market for biometrics has been slow to develop.

It’s also the challenge we have built SecurLinx to meet. In this example, banks aren’t in the ID business; they’re in the money business, but they do have to get ID right — or at least predictably wrong — in order to do their job. Magnetic stripes, sixteen digit numbers and passwords aren’t great, but they are predictable. They are convenient at an affordable cost.

Biometrics companies must deliver solutions to customers that can add security and at least come close to the convenience of the systems they seek to replace.

Never a good headline

We’re Not In Crisis –NHIA (Peace FM)

In January this year, the NHIA introduced the ‘instant issuance’ of health insurance Identification (ID) Card system based on biometric data.

The process began as a roll-out in the Greater Accra region after a pilot of it on the security personnel (Military and police) in two districts of the Region-Ayawaso and La.

Currently, the process has been extended to the Central and Eastern Regions respectively and the Ashanti Region will be the next to join instant issuance of the ID cards regime.

There’s a reason national health services worldwide are scrambling to apply biometric ID management techniques to service delivery. Biometrics deliver bottom-line financial benefit to health care systems in significant ways. Better ID means less fraud, fewer ghost patients and a better audit trail if a provider’s activities warrant investigation. Also, better patient ID leads to better patient outcomes and better records management.

It’s not surprising that countries like Ghana are choosing to leap-frog the 20th century systems other large health care providers use, but it also isn’t surprising that the process is difficult and requires a steady managerial hand.

A closer look at the Fast Identity Online Alliance

If you haven’t heard of FIDO yet, you should really click through to the entire article.

Password-free authentication: Figuring out FIDO (Search Security)

Online authentication mechanisms have grown increasingly difficult for IT security teams as employees and customers expect to access online services and e-commerce sites from a myriad of devices. With password fatigue reaching new heights, many security professionals want stronger authentication methods that eliminate the complexities and risks associated with the integration of online credentials and identity management.

By now, most security professionals have heard about the Fast Identity Online (FIDO) Alliance, a non-profit founded in July 2012 and publicly announced in February 2013. The industry group is championing better multifactor authentication and open standards to promote interoperability of next-generation authentication technologies.

Brazil and India are leading the way to biometric forms of identity verification

SINGULARITY HUB The Brazilian bank Bradesco recently began using a palm vein biometric system called Palm of Your Hand to provide secure log-in on its ATM machines. Clients who choose to use traditional personal identification numbers can continue to do so, but those who go with the new system can forego PINs while simultaneously satisfying the national social security program’s requirement of “proof of life” in order to collect benefits.

In India, the national government is rolling out the largest biometric identification database to date, requiring all of its billion-plus citizens to register in hopes of reducing benefits fraud.

A tipping point for DHS?

A tipping point for biometrics? (FCW)

In May, DHS issued a request for proposals to add facial, fingerprint and iris recognition capabilities to its ID system as part of a $102 million upgrade. The agency is seeking a new contractor to take over the ID management project currently overseen by XTec and establish a new biometric-based card system that complies with Homeland Security Presidential Directive 12 (HSPD-12). The contractor would replace 161,924 personal identity verification (PIV) cards by the end of 2013 and another 116,172 in 2014, DHS officials said.

According to the agency, the winning contractor would also install enrollment and issuance stations at as many as 300 DHS locations to manage at least 300,000 PIV cards. Those locations could include sites outside the United States.

Accenture Federal Services, Booz Allen Hamilton, Deloitte, General Dynamics Information Technology, Northrop Grumman, Science Applications International Corp. and Unisys have all expressed interest in the project.

Ireland: Better ID increases efficiency of welfare

Welfare keeps economy going, says Joan Burton (The Irish Times)

The ceiling on her department’s spend next year had been set at €610 million lower than this year. Savings as a result of measures already taken would begin to bear fruit next year, and so the “ask” was a cut of €440 million. There were also increasing “asks” being made by changing demographics. There were more pensioners who were also living longer, the Minister said.

The live register was slowly coming down – now at 13.6 per cent – but not in some of the communities worst affected by unemployment. While foreign investment in job creation was healthy, the types of jobs being created were not helping the communities worst-affected by unemployment, she said.

Ms Burton said fraud prevention measures, such as identity checks and biometric identity cards, were saving €700 million a year.

It’s not easy to draw a definite conclusion from the facts prevented about how much the better ID techniques are contributing to lower budget requests from the Minister for Social Protection. Foreign investment, job creation and the changing demographics of the retired portion of the population also influence the demands upon the Ministry, but better ID management certainly helps.

ID management M&A

Equifax Buys Identity Protection Startup TrustedID for About $30 Million (All Things Digital) 

As part of the transaction, TrustedID will become part of Equifax Personal Solutions, the company’s direct-to-consumer business unit that offers credit monitoring and identity protection solutions. That said, TrustedID’s 30 employees will remain at its Palo Alto, Calif., HQ.

EMC Nabs Aveksa, a Player in Identity Management (All Things Digital)

EMC said today that it had acquired Aveksa, a privately held company that specializes in identity management. It’s based in Waltham, Mass., and has significant operations in India. First reports of the deal came from the Times of India, which said EMC paid $225 million. Aveksa will become part of RSA, the security division of EMC.

Biometrics and user experience

Five potential UX issues with biometrics (Econsultancy)

Biometrics are about people. Tom Stewart’s post reinforces the point and highlights five “potential UX [user experience] issues” — negotiations, if you will — that take place between organizations that adopt biometric ID management technologies and end users.

In brief, they are: Privacy; Reasonableness; Proportionality; Fear; and Behaviour.

The validity of the framework he offers is supported by the observation that it can be applied to all sorts of identity management technologies, not just biometrics.

Patient ID in the United States

Identifying Solutions to Patient ID (HealthLeaders)

Patient identification is a fundamental building block of the emerging accountable care organization trend, according to Bill Spooner, CIO of Sharp HealthCare, which operates four acute care and three specialty care hospitals with an approximate total of 2,000 licensed beds in the San Diego region.

“The important thing is to be able to get accurately identified patients into your database and to be able to link them out to your transaction systems so everybody knows who they are so you can effectively engage in care management,” Spooner says.

The United States in particular faces a hurdle that other developed countries do not: By law, the U.S. Department of Health and Human Services is prohibited from establishing a national patient identifier.

Providers are coping in several ways. Technology exists to flag suspected duplicate identities with varying degrees of certainty. Some are turning to technology offered by suppliers of their electronic health records.

Other providers are relying upon technology that has been employed by payers for years. And for those systems that can make the technological jump, patients are now being positively identified during every visit using smart cards with photo IDs attached, or even by biometric means, such as fingerprint, palm, or retinal scans. [ed. The revolution will not be retinal scans; bold emphasis mine]

Bottom line:
“If you can’t uniquely identify your patients within whatever data you’re analyzing, you’re going to misread and therefore make executive decisions that are not spot-on,[a]nd you make some big strategic mistakes because of that.”

The lengthy piece is very much worth a longer look.

IDaaS

Identity as a Service poised for run in enterprise (ZDNet)

Identity and Access as a Service is poised for a strong run at enterprises of all size, and those who have done their homework will dodge the hype and know what’s right for them and what’s not.

By the end of 2015, Identity and Access as a Service (IDaaS) will account for 25% of all new identity and access management sales, compared with 5% in 2012, according to recent Gartner research “Are You and the IDaaS Market Ready for Each Other?” [ed. link in orig]

South Africa: Social grants spokesperson deems biometric technology “a worthy investment”

Analysis: State of the art technology behind SA’s social grants (The New Age)

The latest biometric technology used by the South African Social Security Agency (Sassa) to disburse social grants to about 16 million beneficiaries on a monthly basis is proving to be a worthy investment in making life easier for beneficiaries of social grants.

The number of beneficiaries of social grants in South Africa grew from 2 million in 1994 to about 16 million in February 2013. Of these an estimated 11 million are Child Support Grant beneficiaries.

Since March 2012, Sassa has been engaged in the process of mass enrolment of all beneficiaries using the latest biometric technology. This followed a major announcement by Minister of Social Development Bathabile Dlamini on behalf of the government. The technology includes finger and palm verification as well as voice recognition to ensure that the grant money is paid to the relevant beneficiary at all times.

I didn’t realize that the number of people Sassa has to keep up with had expanded eight-fold in less than twenty years. It’s probably a god idea to automate fraud detection in a disbursements organization that is growing as rapidly as that. Otherwise, it’s hard to see how a fraud detection system that depended upon old-school detective types could keep up. Creating the human capital and cultural climate for their success is a long and expensive process.

The changing face of security and access control

Gary Hills, Head of capital development at the British Broadcasting Corp. (BBC) had some interesting things to say at the recent FMP London event. [ed. I’m pretty sure FMP stands for Facility Management Professional, but I was shocked to see how popular the acronym is.]

The BBC is considering using biometric access controls at its buildings. (FM World)

Hills said the first phase of the BBC’s review had seen 15 control rooms consolidated into one.

He added: “Access ID is used – not biometrics yet, but [we are] looking at it for the second phase. [We] think it will be more acceptable now as they have it in schools and colleges.

“Security is now more a building management role and the information that comes through the control room can be used more widely for building management.”

Adam Vrankulj at Biometric Update ties the story back to recent industry forecasts for the access control market.

I predict some real upheaval in the market for security systems and access control. So far, large security providers have been able to keep their market walled off from competition from the providers of other types of networked information technology. If increasing numbers of facilities management professionals see the world as Gary Hills does, those days are numbered.