UT student group C


Here is your discussion board topic:

Due on MAY 9th at 2 PM

The most secure method of authentication in information technology is biometrics.

What are your ideas on hospitals storing different biometrics of the employees for the purpose of allowing access to the electronic health records?

UTGC-PT

I think that it is inevitable that hospitals will use biometric systems for purposes of allowing employees access to electronic health records. I agree with the use of such systems where there is a need to control access for security purposes and where there are no less invasive alternatives to achieve the same level of security. Hence, different types of systems should be assessed before implementing any particular system. In the case that a biometric system is in place, I believe it to be important that the employer informs the employees of who will be handling the data, all the purposes of processing the data, and any other parties with which the data might be shared. It would be hard even after such disclosure, however, to say that an employee has truly given "consent" for his/her data to be processed if the use of a biometric system is not given as a choice, but is rather the only option. I personally don't see a problem with it as long as the employer has appropriate security measures in place to prevent any unauthorized access of the employees' personal data, and as long as all such data is deleted once the employee no longer works for said employer.

What type of biometrics would the hospital use? The textbook mentions that the iris or retinal scan is very accurate but is less beneficial in healthcare because it takes longer. It takes 10-15 seconds compared to less than 5 seconds for a fingerprint. It mentioned as well that you would have to remove eyeglasses (Sewell, p. 363). If someone wore contact lenses, would they have to remove them? I don't think that is very practical. The length of time it takes to scan the iris or retina is not practical as well.

The advantage of a login name and password is that if you forget it or it is stolen you can get a new password. The disadvantage of a fingerprint is that you wouldn't be able to do that if something were to happen and you no longer had a fingerprint. The way the biometric system is set up there is no way to cancel it or reissue a new one. However, I did read that the first fingerprint cancelable biometric has just been developed. I'm not sure when it will be available to buy and install though. I think this would be necessary as a precaution. Does that mean if you can cancel one and reissue a new one it is less secure as a result?

I think it might put someone in danger of being stalked and assaulted. I don't know how accurate it is but there have been reports of thieves cutting off the fingers of a victim to try to use prints to steal a BMW. I heard of someone having used prints of someone's fingerprints to break into a vault. However, I realize that these are most likely not accurate but that doesn't mean someone won't try it. I think any system that uses only one way of securing a system is at risk. I think it should have a backup system as well.

I think the same concerns apply to using voice recognition. What would happen if you had a cold or injured it in some way? The textbook mentions that it can be used long distance over the phone. What would happen if someone forced you to use your voice to get through? What if someone is fired? Is there a way to prevent them from getting into the system? However, I do like that it is two to three times more accurate than fingerprints. The textbook mentioned that it is less expensive as well (Sewell, p. 363).

I realize in a healthcare setting many of these wouldn't be of concern. I don't think I would have a problem if the hospital I worked at wanted to use biometrics to store employee information. It seems like it would be much more secure. It seems like it would be quicker and more convenient as well. However, I would want to know what happens to my information if I were to no longer work for them. I would want to know who else might have access to information and how else it might be used as well.

I agree! I would want to know that it is protected and be reassured that it would be deleted after I left. I like that it is more secure and convenient. I think it is inevitable that it will be used more and more often as well. I think overall this is a good thing but I do have some concerns. One of them you mentioned regarding using more than one system. I mentioned some of my other concerns below. One other concern is that governments want to share this information with each other and work together on an international level to use biometrics to catch terrorists. I think that this is good but at the same time have concerns about privacy. For example, if we start using fingerprints whenever we buy groceries, gas, etc., does that mean someone knows where we are all the time? Is that a good or bad thing? I agree that we should have the option of saying no and know who has access to it and how it is processed. I don't know if any laws have been passed regarding how it can or can't be used.

The above response was in reply to Pam's post. It won't allow me to reply under her comment the way most threads do.

Elizabeth, I agree with you that there shouldn't be just one security system in place, as I also wonder what would happen if something happened and you were not able to use a specific biometric system because you no longer have the necessary body part. I would hope, however, that any biometric system used in a hospital would be able to differentiate between a live and dead body part, so as to prevent the chances of anyone being able to chop off your finger, or any other body part for that matter, and use it to get unauthorized access to the system. I did not know that you could use a voice recognition system to work over the phone. It might be more accurate, but it sounds like it would be easier for someone to get around that. Not only could someone force you to talk into a phone in order to get access, as you mentioned, but also, what if someone records your voice without you knowing? As far as your concern about someone being fired goes, I do think that the data is deleted in that case, or at the very least deactivated just as they do with access cards or IDs. Therefore, that person would not have access to the system once he/she is no longer an employee. I don't know much about the international sharing the governments want to do of said information, but in any case I would most definitely want to be informed of all the details concerning how, why, when, and who uses/sees my information.

I'm not sure what you mean by a fingerprint cancelable biometric. Can you please expand on that? Thank you!

Biometrics have been utilized as a security tool and protocol for many different industries. I think that there is definitely a place for their implementation in the healthcare setting. However, due to the high volume and fast pace of the clinical setting, this tool would need to be tested thoroughly for quality and control measures. The last thing healthcare workers want is one more hoop to jump through to perform their duties. I think that if the clinicians were allowed an input into their uses it would give greater success to the biometric tools. Security, confidentiality, and quality are priorities that should be maintained in the medical field. Systems that support those goals should be welcomed into the creative process of making healthcare function more efficiently and effectively. My only concern is including all the individuals that would be involved in such a change to voice concerns and ideas to make it work better for everyone.

I think hospitals using biometrics for the purpose of allowing access to electronic health records has its advantages. It would help increase security of very sensitive information. It would reduce the problem of forgotten passwords and lost IDs. It would not allow people to share their access to electronic health records with someone else. While a password can be shared with other people, a fingerprint cannot be shared with another person. Biometrics would hold a person responsible for the information that he or she puts in a patient’s chart. It would prevent healthcare professionals from being able to chart for a co-worker. On the other hand, biometrics for employees to be allowed access to electronic health records has its disadvantages. Biometrics brings up a range of privacy uses. It seems very “Big Brother”. Every time a person uses biometrics, some type of database will most likely track them. If fingerprints are used for access and a security breach occurs, how would you put in a new system? You can’t change your fingerprint. A password can be changed if there is a security breach but a fingerprint is physically a part of a person and is specifically unique to each individual. You would have to physically alter a person’s body to change a fingerprint on a person. Also, safety becomes an issue with biometrics. Criminals could cut off a person’s finger or cut out a person’s eyeball. There are people out there who spend all their time trying to hack into systems and if hospitals switch to biometrics, these people will use any resource available to breach the system. Biometrics poses a great risk if breached. People’s personal information will be exposed to the world and this information is not as easily changeable as something as simple as a password.

Pam,

I really like the part in your post "It would be hard even after such disclosure, however, to say that an employee has truly given 'consent' for his/her data to be processed if the use of a biometric system is not given as a choice, but is rather the only option." I hadn't thought about that. If a hospital is to enforce biometrics, people would have to give consent for their personal information to be used, but if they don't have a choice, is it violating a person's rights? A person has autonomy. By a hospital enforcing biometrics, it would take away a person's autonomy about their body. I understand appropriate security measures would have to be put in place, but how can that be guaranteed? Don't most companies have the "appropriate measures in place" to protect people's information, yet companies have security breaches all the time. Look at Target. They had a security breach and responded slowly even though people's personal information was stolen such as bank account and social security numbers. If biometrics get stolen, how can you change the system quickly enough so people's personal information is safe?

Marrisa,

I noticed when I was at the ICU at St. Jude they were using biometrics in the supply room when they need to use the computer or access medications. The device used scanned the nurse's fingerprint. She mentioned that the individual patient's room also has a place to store patient's medication and supplies. The nurses open it by scanning a fingerprint as well. I was very impressed with how quick and accurate it was. It seemed much more efficient and secure than typing in a login name and password or number from an ID badge. However, there are some things such as a medication for a PCA pump that was sent up that a patient didn't need right away that had to be locked in a safe. The nurses in that case had to use two keys at the same time to access it and use keys to install or remove it from the PCA pump. I suppose biometrics could be used as well but it seems very expensive to convert everything to biometrics. I suppose with time they will, considering keys can be lost or stolen. It will be interesting to see how it is used in healthcare.

Elizabeth,

It is interesting that St. Jude was using biometrics. I'm not surprised since it is a state-of-the-art research hospital which tends to be up on the latest technology. I think biometrics in a medication room is useful. I'm assuming the nurse used her fingerprint in a medication room away from patients and other people. In that case, biometrics would be efficient. I don't know how I feel about biometrics being used in a patient's room on something like a PCA pump, because it does pose the threat of someone trying to lift fingerprints off a machine while the nurse is away. Maybe I'm paranoid or have watched too many episodes of Criminal Minds, but I believe people are capable of anything. When it comes to sensitive personal information, there can never be enough caution taken, especially in a healthcare environment.

UTGC-JH

I think that a case could be made for more standard security systems remaining relevant. In an industry that values security in parts of the job, I can see the draw for the newer shinier thing, but it just doesn't seem necessary or as foolproof as the mechanical methods. Besides some people's feelings that their body imprints are personal, I am imagining an emergency situation where someone is trying to stand still long enough to do a precise biometric scan. I had an old job with an absolutely terrible fingerprint scanner that defeated its own purpose with oversensitivity, and while I'm sure the technology improves every year, sometimes keys and ID cards can be more versatile.
