The idea of not having to change passwords every 90 days or use complex phrases to log in is extremely satisfying for many in healthcare. Increased security risks and highly sensitive information have pushed hospital IT to implement policies that have not been very popular among end users, but are a necessary evil to ensure only authorized users are allowed to access hospital systems. With the introduction of popular biometric technologies like facial recognition, voice authentication and fingerprint checks, there is a desire by many to shift to those tools to eliminate password headaches. But are all biometric technologies ready for primetime in healthcare?
Deploying biometric technology is easier said than done, and IT departments face a number of challenges ranging from hardware to software compatibility. Those who succeed at deploying biometric authentication to facilitate access to the EHR or to e-prescribe Schedule II narcotics would be happy campers. However, healthcare CIOs and CISOs have to deal with the reality that not everything is as good as it sounds. There are always pros and cons hospital executives and decision makers must consider.
With the increasing cyberthreats against healthcare organizations, one of the concerns for IT is to ensure attackers do not use end user credentials to gain access to systems. Many have implemented multifactor authentication (MFA) to increase security and ensure that only authorized users have systems access. Biometrics are being introduced as part of MFA to improve security and are considered an ideal option that can keep hackers at bay.
Improving staff access
By implementing biometric technologies instead of using hardware tokens and other authentication methods, staff have a more efficient way to access hospital systems. They will no longer be required to enter a six-digit token or SMS security code.
Unfortunately, even with as popular as biometric authentication has been, there are a number of concerns around its accuracy.
Varying security risks
There have been instances where fingerprints have been successfully fooled or bypassed. As a result, some IT and security engineers opt for other biometric technologies that carry less risk. For example, palm scanners that use the unique vein patterns in an individual’s hand, and retina scanners that detect unique patterns in the eye to authenticate tend to be more secure alternatives. Some newer methods of facial recognition like Microsoft Windows Hello or Apple Face ID have both shown positive results despite reports that they have been fooled successfully.
Specific software requirements
Unfortunately, additional software is required for biometric authentication. This can cause problems if EHR platforms and hospital systems are not compatible with the technology, leaving many hospital CIOs with limited options. For example, Windows Hello allows facial recognition to access the operating system. However, it has not been widely adopted in healthcare since it requires Windows 10 and many hospitals are still transitioning to the latest Windows OS.
Biometric technologies are being used for more than just access to computer software and secure systems. Countries like India are relying on a national identification system that allows its citizens to receive government subsidies after they have successfully authenticated against a national database via fingerprints. Hospitals are recognizing that despite some concerns around biometric technology, using this authentication form factor is improving their security and reducing risks related to stolen identities.