Biometrics definition, types, and how the technology works
Biometrics are physical (such as fingerprints and vein patterns) and behavioral (e.g., typing patterns) characteristics, which can be analyzed to identify a person digitally and grant access to data or systems.
Many argue that the first commercial use of biometrics is attributed to Sir William James Herschel. In the 1850s, Herschel was commissioned from Britain to Jungipoor, India. As Chief Magistrate, he was looking for a way to seal official documents. During times of unrest, Herschel was worried local contractors would not commit, and a signature would not be enough to prevent fraud. He decided to use handprints. The locals perceived this approach as binding and honored contracts signed that way.
All biometric systems follow three main steps:
Recording the physical or behavioral characteristics of choice together with the person’s name and/or identification number
Storing the selected elements after converting them into a graph or a line of code
Every time users attempt to log in, the system compares the characteristics they present to its existing records to either grant or deny access
Fingerprints: this is the oldest and the most well-developed method of biometric authentication. It is also the most commonly used type. Fingerprints can be collected using optical or thermal techniques. The resulting print is enhanced and processed with sophisticated algorithms to build a digital biometric template. We all see this identifier in phones and door panels.
Voice recognition: the way our voice sounds depends on the physical structure of our mouth and throat, and our habits. A voiceprint (or spectrogram) is used to compare voices and identify the speaker. It is created by analyzing the sound’s frequency, duration, and amplitude. Telephone-based service portals often use this recognition modality to identify customers. For this system to work, users need to say a predefined phrase or provide an extended speech sample.
Facial recognition: a facial structure is what people usually use to recognize each other. This is also a common biometrics technology suitable for surveillance applications. You can build a simple facial recognition system using a digital camera and specialized software. For more complex setups, you can add an infrared light emitter. Facial recognition applications analyze over 80 points on the human face to decide if it’s a match.
Iris scan: iris-based recognition is performed using an iris scanner, a digital camera, and image processing software. To make this identification more reliable, one can add extra features, such as liveness detection (for example, the user is asked to blink). An iris has 200 reference points that are matched during identification instead of only 70 in fingerprints.
Retinal scan: retinal patterns are located deep inside the eye, a spot which a regular camera can’t reach. This recognition method requires a retinal scanner, which scans retinal blood capillaries with near-infrared light. With all the technical complications surrounding this method, it is rather accurate. retina-based identification is 70 times more accurate than iris-based systems and 20,000 more accurate than fingerprints identification.
DNA matching: forensic investigations extensively use DNA profiling. One can obtain a DNA sample through saliva, blood, buccal smear, etc. Even though this biometric modality is viewed as a reliable form of authentication, Israeli scientists demonstrated back in 2009 that it was possible to fabricate DNA. However, the same team conducted a test that could distinguish between fake and real DNA by analyzing DNA methylation patterns.
Hand geometry: hand geometry readers capture a hand’s image and measure different features, including fingers’ length, width, thickness, and curvature. The performance of this identification system is not affected by skin conditions, but a hand’s shape can change when the subject ages or loses weight. Hand geometry is primarily used in attendance tracking and physical access applications.
Signature recognition: biometric signature verification is not limited to letters’ shape. It also analyzes features such as writing pressure, inclination, and special coordinates. This method is popular in banks and other financial institutions.
Body odor recognition: this is a relatively new recognition modality. Researchers at the Polytechnic University of Madrid started to explore body odor as a unique identifier in 2014. Dietary changes and diseases don’t impact this identification method. This technique is still in its infancy, but it shows promise. Body odor is impossible to replicate, making the technique highly secure. Also, simply passing by a sensor is less intrusive than the eye or fingerprint scanning.
Why biometrics are used in healthcare
Medical uses of biometrics aim to solve two main problems: patient matching and patient identification.
Highlighting the patient matching problem, Ben Moscovitch, Project Director for Health Information Technology at the Pew Charitable Trusts, said: “Research has shown that up to half of patient records may not be matched when transferred from one healthcare facility to another. This can harm patients. For example, if one record indicates that a patient has a particular allergy that is not documented in the other record, and the information is shared, and the patient is given a drug to which they are allergic.”
“Having duplicate records in the system can cost $96 to fix each duplicate record. It can cost up to $1,000 to remove data of two patients that have been comingled,” Moscovitch added.
According to Moscovitch, biometrics can improve healthcare costs by eliminating patient mismatches.
Patient misidentification has been a persistent problem in healthcare facilities as well, and it brought a lot of grief to patients and lawsuits to hospitals. In one example, a patient received chemotherapy designated for another patient. The responsible nurse confirmed the patient’s ID from their wristband before administering the treatment. Little did she know that there was another patient with the same first and last name in the hospital’s database. Luckily, the patient didn’t sustain much physical harm but they still sued the hospital and won.
With all these terrible events, the healthcare sector is looking for a new solid identification form. Biometrics are irrefutably unique identifiers that are attached to the patient and cannot be “lost.”
Advantages of biometrics in healthcare
A reliable method of identification that cannot be stolen or forgotten like passwords
Easy and convenient to use, as there is no need to carry a physical object
A cheaper identification method in the long term, as it helps eliminate costly duplicates. Commenting on the promise of health biometrics, RightPatient Cofounder Michael Trader said: “Compared to manual methods of identification that lead to an 18% average duplicate record, $1.5 million annual losses in claim denials, and a significant impact on patient safety, health systems should not see any limitations in implementing biometrics to address these issues”
Suitable for people with special needs. One study has shown that illiterate people are content to use biometric identification as they don’t have to reveal the fact that they can’t write
Disadvantages of biometrics in healthcare
Medical organizations need to be careful about data security issues. If sensitive information is exposed, the consequences can be severe. If someone’s password got hacked, the person can easily replace it. But if biometrics data got exposed, you cannot change someone’s eyeballs or fingerprints. You will likely need to replace the identification system or exclude the victim
It is often costly to acquire biometrics identification technology
Physical damage can render the body part involved in biometrics unusable
Biometrics healthcare applications
Hospitals are using biometrics in healthcare mainly for employee and patient identification. This improves workflow, reduces duplication, and makes patients recognized throughout the health system. Patient matching across healthcare providers is still not widely adopted, even though it’s a promising use case.
However, the healthcare sector’s interest in biometrics is clearly increasing, according to Sean Kelly, MD, Chief Medical Officer at Imprivata, the digital identity management company. ”We have seen an increased investment in biometrics by our healthcare customers as a way to accurately identify people in their ecosystems, including patients and clinicians, maintain secure access to protected health information, and secure high-risk workflows such as electronic prescribing for controlled substances,” he said.
Many healthcare organizations have already adopted medical biometrics. For example, the University of Pittsburgh Medical Center installed finger scanners. Houston-based Harris Health System is using palm vein scanning for identification. Northwell Health is experimenting with facial and iris-based recognition technology.
There is even a handheld tool for scanning fingerprints of newborns. Even though a baby’s fingers are fully formed, they are tiny and mushy in a way. This device employs seven times more sensitive sensors than regular fingerprint scanners to obtain a precise image.
Here are some examples of biometrics-based identification in healthcare:
Medical biometrics in data security and cloud access
Many healthcare organizations are going through digital transformation and moving their data to the cloud. Imprivata, for instance, has integrated its OneSign solution with Microsoft Azure, allowing its healthcare clients to access their data on the cloud using biometric screening of fingerprints as an identification method.
Healthcare biometrics for regulated substance prescription
Electronic prescriptions for controlled substances are highly regulated and need a formidable form of authentication. Imprivata, the company mentioned above, built a biometrics-powered Confirm ID solution that allows healthcare organizations to fulfill their Drug Enforcement Administration (DEA) requirements for electronic prescriptions of controlled substances.
Medical biometrics in telehealth
Since the pandemic, telehealth is becoming increasingly common as it allows patients to receive qualified medical care from the safety of their homes. Biometrics-based authentication can serve as a secure login method to telehealth portals for both patients and physicians.
Healthcare biometrics in the fight against COVID-19
To stop the pandemic, healthcare institutions are looking for an effective worldwide COVID-19 vaccine rollout. This is challenging as almost a billion people across the world don’t have a legal ID. Considering this, Gavi, the global vaccine alliance, and other healthcare players believe biometrics in healthcare is a viable solution to this problem. This identification method will ensure privacy and security and will be suitable for countries without a foundational identification system.
Scientists hope that identification systems based on biometrics in healthcare will help them keep patient records as long as needed and will accommodate new vaccine jabs and boosters.
Ghana Health Service has already partnered with Gavi to start its biometrics-based country-wide vaccination program towards the end of 2021. They are testing fingerprints and facial recognition systems. To receive a vaccine jab, patients don’t need to have any formal identity. Their biometric profile will be created on the spot and will be used in the future to identify individuals coming for their second jab.
After COVID vaccination is over, Ghana Health Service plans to deploy this system to cover other routine vaccines.
Biometrics and healthcare: challenges and considerations
Biometric authentication requires additional software, which must be compatible with the hospital’s EHR platform and other applications involved. Otherwise, technical issues can arise like with Windows Hello, a biometrics-based technology that grants access to apps, devices, etc. It wasn’t widely adopted because it is limited to Windows 10, and when it rolled out, many hospitals were still upgrading their operating systems to the latest version.
Assess the potential impact of the new biometric solution on your available IT infrastructure, including your network capacity and integration with existing systems.
Choose a reliable healthcare biometrics vendor who will be available for after-sales support and help fix any negative impact the system might have on your other applications. Also, it is best if your vendor is already familiar with the healthcare domain and the regulations around it.
Protect your medical biometrics data. Biometrics fall under the category of protected health information (PHI). Medical facilities need to safeguard this data following the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and other regulations applicable in their country of operations. Five US states have passed the Biometric Information Privacy Act (BIPA) at the moment of writing this article. Other states are debating it. So, watch the news carefully to ensure compliance.
Train your employees on proper usage of this technology so that they can maintain the system and secure the data.
If you decide to opt for biometrics identification, ensure that every individual is adequately enrolled and has given explicit consent. You might consider enhancing the quality of biometric scans during the enrollment phase to achieve better results in identification. For example, in the case of scanning fingerprints, there is a prescan treatment called “milking the finger”, which helps raise fingerprint ridges.
Biometrics don’t offer the ultimate security. Deloitte cites studies where US-based researchers designed copies of fingerprints that can unlock around a third of existing smartphone models. In another instance, a UK-based organization experimented with hacking facial recognition systems using 3D-printed heads. To strengthen the system, one can use multifactor authentication, such as combining biometrics with PIN codes.
This technology can be biased. For example, facial recognition algorithms show higher error rates, up to 34%, when attempting to recognize dark-skinned females than white males.
Takeaways for your business
The combination of biometrics and healthcare can solve two significant problems: patient matching and patient identification. However, there are things to consider when installing this technology. Violate user data privacy, and you are in trouble. Install a solution that is not compatible with your existing systems, and you are in trouble again. Fail to gather high-quality biometrics profiles of all users, and the system will not deliver on expectations.
To get the best out of biometrics solutions in healthcare, perform a comprehensive assessment of your infrastructure, follow data storage and usage regulations, and work with a reliable vendor who will support you in case of any malfunctioning.