Healthcare biometrics foster better delivery and outcomes

Biometrics entering a new era in healthcare (Healthcare IT News)

“The future portends a new era of biometrics. Advances to the technologies will make them more attractive to healthcare organizations. Decreasing costs will make biometrics a more palatable move. Other technologies like artificial intelligence will, in turn, also give biometrics a boost.

But mainstreaming biometrics faces a variety of challenges. These include privacy, people, cost and interoperability.”

As they say, read the whole thing. It’s a really informative piece.

Data, technology, and culture

More from our Craig Workinger at HiMSS…

 

We are attending the HiMSS annual meeting this week and wanted to share a few observations. It’s a terrific event, and a reminder of how important personal contacts are in an age when we’re on our screens constantly.

Nearly every conversation here includes the issue of how to get data out of isolated, proprietary systems so it can be used more effectively. If data can be collected from many sources, then AI and machine learning tools can be applied to it, looking at both text and images to create a predictive system for clinicians. That offers a real opportunity to improve patient care.

This also seems to be driving talk of partnerships, another hot topic at the conference. People recognize there are lots of technologies trying to solve healthcare’s problems but they approach it in an isolated way. So they are trying to figure out how to make data actionable and link it to what others have. The idea of partnerships is a departure for big industry players who’ve mostly taken a go-it-alone approach in the past.

Interoperability is also getting a lot of buzz at HiMSS. Most people focus on its technological aspect but that’s only half the challenge. The other is culture.

From a technology perspective, there are lots of vendors battling for market share and holding on to data as part of their competitive strategy. But that’s running up against consumer behavior. People today get their health care from a variety of places – hospitals, outpatient centers, specialized clinics, even their home – and they are increasingly shopping around. Inevitably, they wind up in separate health systems, and none of them speak to each other. So the challenge is to get the data up a level so that it’s accessible to their doctor no matter where they go.

There are technologies that can do that, and more. But change is slow, and that’s where culture comes in. Many healthcare organizations are reluctant to change. Some still use fax machines and paper records. They want to be more efficient but are slow to embrace the technology that can help them get there. Of course, adoption has been the challenge for every technology innovation, from PCs to cell phones. Healthcare tech is no different.

Japan, U.S. law enforcement to share fingerprint databases online (Japan Today)

Japan and the United States have agreed to provide mutual access to online fingerprint databases to aid criminal investigations.

According to the arrangement, each nation will have instant access to fingerprint data for the purpose of investigating individuals suspected of involvement in terrorism or other serious crimes such as murder, Japanese officials said.

Five Country Conference increases interoperability

NEW ZEALAND: Fingerprints catch out immigration fraudster (TV NZ)

[Immigration New Zealand] found that her fingerprints matched those of a person who had entered Canada, the United States and the United Kingdom using different names.

INZ says landmark cooperation between authorities in all four countries resulted in the successful prosecution.

INZ’s Identity Services manager Jacqui Martin says this is the first time evidence like fingerprints gathered as a result of cooperation under the Five Countries Conference (FCC) has been used in a prosecution for immigration fraud.

Score one for the Five Country Conference.

US: Entry/exit dominating today’s biometrics news

An amendment to the immigration bill being discussed in the Senate Judiciary Committee has been all over the news this morning.

See:
Senators propose fingerprinting at airport security (Click Orlando), and
US senators approve immigration changes requiring fingerprint system at 30 airports (Truth Dive)

This Reuters piece is more detailed:
US panel votes to speed up airport fingerprinting of immigrants (Reuters)

The Senate Judiciary Committee voted 13-5 for an amendment to a wide-ranging immigration bill that would require the installation of devices to check immigrants’ fingerprints at the 10 busiest U.S. airports within two years of enactment of the legislation.

Checks currently are made at airports for foreigners arriving and re-entering the country but not when they leave. “It’s just a matter of having records we can keep so we know where we’re going,” Republican Senator Orrin Hatch of Utah told reporters of his successful amendment.

The committee’s work commands worldwide attention because it’s personal to many people because of their own travel habits, aspirations for immigration or education, or the living situation of friends or loved-ones.

It is also of worldwide importance because the United States will have a large role to play in any eventual interoperable international system accounting for international travel.

The amendment adopted by the committee would, in the event of the bill’s passage, institute a fingerprint-based entry/exit system starting with the ten busiest U.S. airports over two years.

The best framing I have read of the lack of-, case for-, and challenges associated with a decent entry/exit system is David Grant’s Immigration reform: What to do about those who arrive legally but never leave?

And in March, we wrote:

[… R]elevant to integrating the entry and exit points is the percentage of international travelers who enter a country through one international travel node and depart the country from another.

The more nodes, the more travelers, the more complex the travel patterns of international visitors, all of these things place additional pressures on any sort of entry/exit system and these complexities don’t necessarily increase as a linear function.

Of course all of this has bearing on the United States which has every challenge there is. It’s not surprising that, biometrics or no biometrics, the US lacks a comprehensive integrated entry/exit system. A couple of good pilot projects might go a long way towards getting an idea of the exact scope of some of the challenges, though. [emph. added]

With that in mind, does the committee’s amendment fit in with the idea of a “good pilot” project? I think so. Despite reluctance to call anything happening in the ten busiest airports in the country a “pilot project,” so as not to trivialize the challenges involved, the scope of a truly comprehensive entry/exit system accounting for all air, sea and land transport is so vast that it does make “pilot project” seem appropriate here.

But in order for this avenue to a pilot actually to lead there, even in two years, the whole immigration bill currently being fashioned in the Judiciary Committee must pass the full U.S. Senate and House of Representatives. Even if the broader immigration overhaul fails to attract majority legislative support, the 13-5 committee vote may bode well for the pilot on a stand-alone basis. You have to start somewhere.

TWIC hasn’t been popular with transportation workers…

…but I get the sense that the transportation workers don’t oppose the Transportation Worker Identification Credential (TWIC) on principle, rather, implementation just hasn’t worked out. The U.S. General Accounting Office seems to share workers’ assessment.

Scrap TWIC? GAO report slams port credential program (Land Line Magazine)

Truck drivers and others who work at U.S. ports have grumbled for years about the expenses and hassles of obtaining a Transportation Worker Identification Credential, or TWIC.

TWIC – a biometric security card capable of storing fingerprints, residency documents and other information – was designed to make ports and major warehouse areas less vulnerable to potential terrorists.

A federal investigative report released this week says the TWIC program’s efforts to implement a remote card reader system haven’t worked, and said Congress should consider scrapping the 10-year-old billion-dollar program altogether and starting over with a new credential.

As we have discussed in other TWIC-related posts, the interoperability issues involved in having one card that works at every port, warehouse, transshipment hub, border, etc. haven’t been overcome and the administrative load on those required to carry the card have been heavy.

UPDATE:
See also:
TSA Defends TWIC Reader Program (Homeland Security Today)

“TWIC readers determine whether a card is authentic, valid and issued by TSA,” Sadler testified. “The readers also check that the card has not expired and, by accessing the cancelled card list, can determine if the card has been revoked or reported lost or stolen. When used in the biometric mode, readers confirm through a biometric fingerprint match that the person using the card is the rightful owner of the card. The TWIC card and reader system can perform these checks virtually anywhere with portable or fixed readers because connectivity to an external database is not required. [ed. emphasis mine]

How does the italicized part work? Without at least intermittent connectivity to an external database how are lost cards to be rejected?

“Any sufficiently advanced technology is indistinguishable from magic.”

— Arthur C. Clarke

Fingerprint led to arrest in Dollar General killings, detective testifies (Wichita Eagle)

Detective Tim Relph said a video camera showed the killer walking into the store and quickly leaving after shooting two people with a .22-caliber handgun. The killer tried to exit the store through an entrance door before realizing that the door wouldn’t open from the inside, Relph said. The finger and palm print left on that entrance door proved to be the key to solving the case, he said.

The shooting occurred at 8:01 p.m. on Nov. 30, Relph said, and a computerized fingerprint classification system identified Marshall as a possible suspect by 3:45 the next morning. By 4 a.m., he said, a fingerprint examiner confirmed that the print came from Marshall.

“By 4:30 in the morning there were 50 police officers looking for him,” Relph testified.

Shooting at 8:01 PM. Positive ID before 4:00 AM. That’s less than eight hours. Sometimes, we’re led by various television programs and movies to believe that the process is much quicker than that.

In actuality, given the steps involved, the eight hour turn-around is magical. Because…

Law enforcement, NIST making fingerprint files easier to search (GCN)

Not all AFIS are alike, however. State and local agencies often maintain their own databases, and although there can be some interoperability in a vertical hierarchy of local, state and federal databases, there is very little interoperability horizontally between neighboring jurisdictions. To search different databases, examiners must mark distinctive features for fingerprints manually for different systems, using different coding, notation methods and data definitions.

See also: Law enforcement interoperability, though little discussed, is a big deal

It looks like quite a lot of progress is being made on the interoperability challenges we’ve discussed from time-to-time.

Travelers and Feds agree: Trusted traveler programs should be bigger

With the first person account of the enrollment process at the beginning, the story starts badly for biometrics. What follows is a very good discussion of various trusted traveler programs and how they could fit together in a future air travel identity management landscape.

Travelers Welcome a Customs Shortcut (New York Times)

The programs are all based on the concept of risk management, rather than the unattainable goal of total risk elimination. The idea is to develop standard criteria so the programs can work better with each other. They include Global Entry for international airport arrivals, as well as land-crossing programs like Sentri on the Mexican border (which is also open to approved Mexican citizens), and Nexus, a joint entry program between the United States and Canada.

They also include PreCheck, a program of the Transportation Security Administration that speeds screening at select domestic airports for passengers designated as trusted travelers.

The T.S.A. is working to expand eligibility for PreCheck beyond high-volume travelers chosen by airlines. The agency’s administrator, John S. Pistole, told me he wanted to develop a domestic program that he called “Global Entry Lite,” partly using Global Entry criteria, to increase PreCheck eligibility.

It’s good to see many of our regular themes — unattainability of perfection, interoperability, scalability — getting their due in this article.

Law enforcement interoperability

Law enforcement, NIST making fingerprint files easier to search (GCN)

Not all AFIS are alike, however. State and local agencies often maintain their own databases, and although there can be some interoperability in a vertical hierarchy of local, state and federal databases, there is very little interoperability horizontally between neighboring jurisdictions. To search different databases, examiners must mark distinctive features for fingerprints manually for different systems, using different coding, notation methods and data definitions.

More information on the NIST Biometric Conformance Test Software

Are your biometrics up to snuff? Free suite tests for compliance (GCN.com)

The BioCTS suite checks that the record of an iris image or other piece of biometric data being used has the correct data and in the order called for by the standard, so that it can be sent to and received correctly and filed accurately by any user, from the Homeland Security Department to state and local police departments. The conformance testing provides programmers, users and product purchasers with an increased level of confidence in product compliance and increases the probability of successful interoperability.

The tests do not ensure interoperability of different products, however; only that they adhere to common standards, Podio said. “Conformance increases the probability of interoperability, but cannot ensure it because of all the possible implementations that can be included” in a product. Each developer can implement different profiles from the standard, depending on how the product will be used.

More good analysis and links at the GCN link above.

Fraud, Crime and ID Interoperability

Police: Billerica suspect gave fake ID (Lowell Sun – Massachusetts)

Maybe Jose Vega thought he was fooling the police.

Confronted Tuesday morning, police said Vega identified himself as “Jose Negron.”

Unfortunately for Vega, Negron has a lengthy list of arrest warrants out of Essex District Court stemming from several felonious drug-related arrests in Lynn in 2008, according to police.

When he finally gave his real name, he allegedly admitted to police he was using Negron’s identity so he could work while collecting disability benefits.

One ID (Vega) is an able-bodied non-felon. Another ID (Negron) is a disabled felon.

Evidently (and unsurprisingly) the disability rolls and arrest warrants databases aren’t linked and there is a way to exploit both ID’s. The trick is using the compromised ID only with people in the handing-out-money business, and your real ID with those in the hauling-people-off-to-jail line.

Eventually biometrics helped police determine that Jose was telling the truth when he (Vega) confessed to being a fraudster rather than the wanted felon (Negron), so he’s got that going for him.

Michael D. Kirkpatrick FBI Assistant Director in Charge of Criminal Justice Information Services (Ret.) to Discuss Biometrics & Law Enforcement at July #BiometricChat

When: July 19, 2012 — 11:00 am EDT; 8:00 am PDT; 16:00 pm BST; 17:00 pm CEST; 23:00 pm SGT; 0:00 JST

Where: tweetchat.com (hashtag #biometricchat

What: Tweet chat on Biometrics and Law Enforcement with Michael D. Kirkpatrick (@MDKConsulting)

Topics: The past, present and future of biometric ID management applications in law enforcement, interoperability, modalities.

To send questions for the #BiometricChat:
Email: SecurLinx blog
Twitter: @SecurLinx, hashtag #biometricchat

When John at M2SYS asked me to guest host the July #BiometricChat, I immediately thought of Michael Kirkpatrick. I’m happy to announce that he’s agreed to join us. I offer my sincere thanks to both of them for the opportunity.

Michael Kirkpatrick

Michael D. Kirkpatrick, as the FBI’s Assistant Director in Charge of the Bureau’s Criminal Justice Information Services (CJIS) Division from January 2001 – August 2004, led the Division through profound IT changes especially relating to the application of biometric technologies to the challenges of law enforcement.

Back in the day (i.e. before 1999), fingerprint analysis for law enforcement purposes was a much different ball game. Everything was accomplished with paper, ink, and highly-trained, dedicated  fingerprint analysts. That made law enforcement biometrics pretty much the only biometrics game in town because there weren’t really any commercial applications for that type of set-up. Sure, some professions required criminal background checks, but the fingerprinting part was mostly there to make it easier to catch people in the event they committed crimes at some later date.

Presently, the FBI maintains the world’s largest collection of biometric data and facilitates information sharing between law enforcement organizations and a range of both public and private entities. The CJIS center handles more than 61 million ten-print submissions a year. Average response time for an electronic criminal fingerprint submission is about 27 minutes, Electronic civil submissions are processed within 72 minutes.

The successful transition from a paper system to an Integrated Automated Fingerprint Identification System (IAFIS), presented a range of technical, organizational and managerial challenges such as: What to do with all the paper records; What technical standards to apply to digitization; Determining what confidence level constitutes a match; How to receive input remotely and transmit results;  How to store the information securely; What policies to put in place; Determining whether current international agreements were adequate or forging new ones necessary. The list goes on and on.

Without the hard work sorting out these kinds of questions done by those at CJIS, biometric ID management applications, beginning with fingerprint biometrics, simply would not have nearly the impact in the public and private sectors that they do today. Michael D. Kirkpatrick was one of the many people who helped make it all possible.

Over the course of his career, Michael has done far too many interesting things in law enforcement and biometrics than can be listed here. Thankfully, he has posted a brief overview of some of his experiences at his site, here. He tweets at @MDKConsulting

We hope that you will spread the word among your colleagues and friends and join us Thursday, July 19 at 11am EDT.

Please send questions via:
Email: SecurLinx blog
Twitter: @SecurLinx, hashtag #biometricchat

We’ll publish the chat questions in an update to this post early next week.

Biometrics “Fix” Identity

Even if there is fraud in the identification process, biometrics can be used to fix a single identity upon an individual.

An article in today’s Canberra Times about people smuggling brings home the point.

Despite some unauthorised arrivals’ lack of documents, biometric capability is critical. In a few cases, unauthorised boat arrivals will be identified from international databases, particularly through fingerprints. Even if people cannot be identified, the collection of biometric data on arrival provides a basis for anchoring the identity of an unauthorised arrival, so that the Australian community can be confident it is dealing with one person and that further identity-shifting is difficult. It also leaves open the possibility of identification in the future. [Emphasis mine]

One classic use of identity fraud among professional criminals is the use of multiple ID’s so as to keep a clean identity and a dirty identity. If possible, all the documents involved are “real” in that even the ID card related to the fabricated identity is issued by the legitimate authority.

When the the professional criminal with his family in the car is pulled over for running a stop sign in his neighborhood by a police man who goes to the same church, he presents his “real” ID. When he’s picked up in the course of his job, say 1,500 miles away, with a trunk full of weapons and narcotics, he gives the police the ID containing bogus information.

The arresting officers call the ID authority who created the false ID card. Sure enough, he’s in the database. No criminal record. Light sentence for a first offence and he can still go back to his life, get another ID, and go back to work, too.

The same pattern works well with fraud.

Pretty simple, right?

Well, yes — until biometrics.

Once ID issuing authorities institute biometric checks before issuing new ID documents, even a person who lies on their original ID application is stuck with only the one ID.* Further attempts to obtain additional ID’s can be detected and investigated. Later claims of a false identity (or lost ID) can be unraveled.

This is something that might have given pause to the person who supplied Mr. Coriander with fingerprints. If he thought the only time those fingerprints could be used for a UID number, he might not have found the joke as funny.

*This applies to discrete ID management system. If ID databases aren’t linked, it may be possible to maintain different identities in different databases.

UID to Link With Criminal Records System

Home Ministry plans to link its crime records with UIDAI (Economic Times)

The Union home ministry plans to link its crime records with the Aadhar unique identity project, signaling a reversal in its hostile stance towards the Nandan Nilekani-led Unique Identity Authority of India.

The home ministry’s 2,000-crore Crime and Criminal Tracking System project, which aims to create a central database of all crime records in the country, will have a provision for linking up with UID or Aadhar numbers, an official associated with managing the project said.

“The big plan is to link crime records with UID,” the official told ET. “This will make the database easier to handle and more accurate.”

UID has an incredible potential to help bridge Indian bureaucratic silos.