UT student group C

Elizabeth,

It is interesting that St. Jude was using biometrics. I'm not surprised since it is a state of the art research hospital which tends to be up on the latest technology. I think biometrics in a medication room is useful. I'm assuming the nurse used her fingerprint in a medication room away from patients and other people. In that case, biometrics would be efficient. I don't know how I feel about biometrics being used in a patient's room on something like a PCA pump, because it does pose the threat of someone trying to lift fingerprints off a machine while the nurse is away. Maybe I'm paranoid or have watched too many episodes of Criminal Minds, but I believe people are capable of anything. When it comes to sensitive personal information, there can never be enough caution taken especially in a healthcare environment.

UTGC-JH

Hah, is that sort of thing really possible? I thought it was only in the movies. Either way, there is a reason why people still keep their most valuable backup files or secrets off technology and in physical form: mechanical will always be more simple and trustworthy than technological. A pair of keys entrusted to an individual leaves just one possible culprit if anything ever went missing, I'm thinking.

Biometrics in the medication room is most definitely the safest but also very time consuming. Yes, it reduces many errors and holds the nurse more accountable but in certain situations I feel as if it would frustrate me. Using biometrics for accessing electronic medical is genius in my opinion. I know I have experienced fighting over a patient's paper chart with other health care providers because there is no EMR. By using biometrics to access EMR's it allows healthcare workers to use their tablets or PCs to access the chart anywhere and verifying by online signatures and voice modalities, at least this is what my research stated. This is the way of the future and I believe it is exciting but I am curious to witness the mistakes that may occur from this.

I also believe that biometrics in the medication room is the safest way of distribution. However, I also agree with previous posts that it can be very time consuming and in an emergency situation, it may not be the best method. As mentioned before, finger print scanners can be very sensitive. But what happens if you have a cut on your finger and have it covered up because you are in the hospital? What if no "backup" finger print is available? It has been brought to my attention that some hospitals that use the finger print scan system, things like having a cut on your finger can make getting the things you need very difficult. Also, when in a pressing situation, like a code, half the time no one can get their print to scan. While I think biometrics is a great idea in theory and is great for control, I don't think all of the "bugs" have been worked out of it yet and am curious to see how it will advance in the future.

"What type of biometrics would the hospital use? The textbook mentions that the iris or retinal scan is very accurate but is less beneficial in healthcare because it takes longer. It takes 10-15 seconds compared to less than 5 seconds for a fingerprint. It mentioned as well that that you would have to remove eyeglasses (Sewell, p. 363). If someone wore contact lens would they have to remove them. I don't think that is very practical. The length of time it takes to to scan the iris or retina is not practical as well.

The advantage of a log in name and password is that if you forget it or it is stolen you can get a new password. The disadvantage of a fingerprint is that you wouldn't be able to do that if something were to happen and you no longer had fingerprint. The way the biometric system is set up there is no way to cancel it or reissue a new one. However, I did read that the first fingerprint cancelable biometric has just been developed. I'm not sure when it will be available to buy and install though. I think this would be necessary as a precaution. Does that mean if can you cancel one it and reissue a new one it is less secure as a result?

I think it might put someone in danger of being stalked and assaulted. I don't know how accurate it is but there have been reports of thieves cutting off the fingers of victim to try to use prints to steal BMW. I heard of someone having used a prints of someone's fingerprints to break into a vault. However, I realize that these are most likely not accurate but that doesn't mean someone won't try it. I think any system that only uses only one way of securing a system is at risk. I think it should have a back up system as well.

I think the same concerns apply to using a voice recognition. What would happen if you had a cold or injured it in some way? The textbook mentions that it can be used long distance over the phone. What would happen if someone forced you to use your voice to get through? What if someone is fired? Is there a way to prevent them from getting into system? However, I do like the that it is two to three times more accurate than fingerprints. The textbook mentioned that it is less expensive as well (Sewell, p. 363)."

I realize in a healthcare setting many of these wouldn't be of concern. I don't think I would have a problem if the hospital I worked at wanted to use biometrics to store employee information. It seems like it would be much more secure. It seems like it would be quicker and more convenient as well. However, I would want to know what happens to my information if I were to no longer work for them. I would want to know who else might have access to information and how else it might be used as well."

Elizabeth,

I agree with having a backup system. What happens if for some reason you aren't able to scan the body part selected to gain access to the system? Maybe a backup such as a second print or a different body part all together? I do like biometrics because it can eliminate the someone stealing your password and getting access under your name. But there are definitely some kinks to be worked out.

Pam,

I really the part in your post "It would be hard even after such disclosure, however, to say that an employee has truly given "consent" for his/her data to be processed if the use of a biometric system is not given as a choice, but is rather the only option." I hadn't thought about that. If a hospital is to enforce biometrics, people would have to give consent for their personal information to be used but if they don't have a choice is it violating a person' rights. A person has autonomy. By a hospital enforcing biometrics, it would take away a person's autonomy about their body. I understand appropriate security measures would have to be put in place, but how can that be guaranteed? Don't most companies have the "appropriate measures in place" to protect people's information, yet companies have security breaches all the time. Look at Target. They had a security breach and responded slowly even though people's personal information was stolen such as bank account and social security numbers. If biometrics get stolen, how can you change the system quickly enough so people's person information is safe?

Megan,

I think it would be best for the password/ID card system to remain in place as a back up for the biometric system, as well as for those employees who do not consent to using such a system. This would not only take care of the "true consent" situation, but also it would be there for cases in which there is a glitch in the biometrics system, as others mentioned. As far as the information being protected from breaches, I just think that security breaches are always a risk no matter which system is in place. The problem here is that if someone were to access your fingerprint, for example, they could do a heck of a lot more with it than just access your bank account.

Amy,

You have made some great points. I did not think about someone forcing you to say something to use voice recorder. I also did not think about if something were to happen to your fingerprints such as if your hand got burned. Therefore, I will have to say that with these potential problems, the username/password may be the easiest bet. However, just as someone could force you to use your voice, they could also force you to login for them with your username/password or steal your username/password. Maybe if biometrics are used, then there should be multiple steps to the process such as voice, fingerprints, retina scan. If multiple components of the person is recognized then that would be safer. With this though, you have to think of how time consuming this process would actually take.

Elizabeth, I'm not sure what you mean by a fingerprint cancelable biometric. Can you please expand on that? Thank you!

Pam,

I don't know very much about it other than in the past you were unable to cancel something such as a scan of a fingerprint and now you can. There's quite a bit of information about the research that is being done and what they have developed so far on the internet. One article that you might like is at NCBI on Pub Med. It can be found at http://www.ncbi.nlm.nih.gov/pubmed/17299214. I hope this helps!

Elizabeth

P- I understand your concern regarding employees that no longer work at the site. There would need to be measures in place to ensure that their access would end with their termination.