-
UT student group C
Megan, I think it would be best for the password/ID card system to remain in place as a back up for the biometric system, as well as for those employees who do not consent to using such a system. This would not only take care of the "true consent" situation, but also it would be there for cases in which there is a glitch in the biometrics system, as others mentioned. As far as the information being protected from breaches, I just think that security breaches are always a risk no matter which system is in place. The problem here is that if someone were to access your fingerprint, for example, they could do a heck of a lot more with it than just access your bank account.
-
UT student group C
Elizabeth, I agree with you on that there shouldn't be just one security system in place, as I also wonder what would happen if something happened and you were not able to use a specific biometric system because you no longer have the necessary body part. I would hope however, that any biometric system used in a hospital would be able to differentiate between a live and dead body part, so as to prevent the chances of anyone being able to chop off your finger, or any other body part for that matter, and use it to get unauthorized access to the system. I did not know that you could use a voice recognition system to work over the phone. It might be more accurate, but it sounds like it would be easier for someone to get around that. Not only could someone force you to talk into a phone in order to get access, as you mentioned, but also, what if someone records your voice without you knowing? As far as your concern about someone being fired goes, I do think that the data is deleted in that case, or at the very least deactivated just as they do with access cards or IDs. Therefore, that person would not have access to the system once he/she is no longer an employee. I don't know much about the international sharing the governments want to do of said information, but in any case I would most definitely want to be informed of all the details concerning how, why, when, and who uses/sees my information. I'm not sure what you mean by a fingerprint cancelable biometric. Can you please expand on that? Thank you!
-
UT student group C
UTGC-PT I think that it is inevitable that hospitals will use biometric systems for purposes of allowing employees access to electronic health records. I agree with the use of such systems where there is a need to control access for security purposes and where there are no less invasive alternatives to achieve the same level of security. Hence, different types of systems should be assessed before implementing any particular system. In the case that a biometric system is in place, I believe it to be important that the employer informs the employees of who will be handling the data, all the purposes of processing the data, and any other parties with which the data might be shared. It would be hard even after such disclosure, however, to say that an employee has truly given "consent" for his/her data to be processed if the use of a biometric system is not given as a choice, but is rather the only option. I personally don't see a problem with it as long as the employer has appropriate security measures in place to prevent any unauthorized access of the employees' personal data, and as long as all such data is deleted once the employee no longer works for said employer.