As Records Go Digital, Biometrics Integrates into Healthcare Sector

July 13, 2006
Security of patient data, facilities, and reduction of billing fraud lead charge, says researcher

Biometrics is ready for primetime in the healthcare sector. That's the word from Victor Lee, a senior consultant with International Biometric Group, a Manhattan-based biometrics consultancy, integrator and research firm.

Lee, who presented his viewpoint on biometrics and healthcare via a live IBG audio program this afternoon, said that issues of fraud and compliance are the driving factors behind adoption of biometrics in the healthcare industry.

In his presentation, Lee said that today's healthcare organizations are finding four key ways to use biometric identity matches. The first, he said, is in the combating of insurance and billing abuses.

"The National Healthcare Anti-Fraud Association estimated that in the United States alone, at least $51 billion -- which is about 3 percent of the nation's healthcare outlay for calendar year 2003 -- was lost to outright fraud," explained Lee, who added that the 3 percent number may be conservative, and that some put the number closer to 10 percent.

From issues of phantom billing and "upcoding", Lee says fraud can come from the providers themselves. Audit data that is stamped with a biometric approval, he says, makes this process much more secure, and links the different parties involved with the submission so there's less a chance of fraudulent claims and billing.

Lee noted that in Texas, the Medicaid Integrity Pilot (MIP) was put in place in 2004. The pilot program uses both smart cards and biometric authentication, and was designed for "recipient verification at the point of service." The program has since transformed out of the pilot stage and into the so-called "MAC" program, a mandatory program of a similar design which requires healthcare users to check in with smart card or biometrics when they sign in at some providers. To meet concerns of privacy, the program uses a match-on-card approach where the fingerprint scan was matched to the data on the card, not to a provider-housed fingerprint database.

Lee noted that biometrics had also been used in the South African healthcare system that to prevent recipient fraud. The challenge, he says is that South Africa has been plagued by healthcare users who would claim to be many different people to get added benefits.

For records management, Lee says the driving factor has been HIPAA, the Health Insurance Portability and Accountability Act, which requires privacy be maintained, an act passed in 1996. And while HIPAA doesn't specifically promote biometrics, Lee said that documents from the American Medical Association regarding HIPAA compliance have specifically supported biometrics as a method of compliance with this act.

Lee sourced Florida's Elife program as an example of how biometrics made healthcare information HIPAA compliant. The program was designed to overcome problems with remote medical needs following hurricanes. The program used a card and biometric to validate responders seeking in-the-field access to patients' health records.

According to Lee, a number of health providers are turning to these types of electronic medical records.

"When you link people with electronic health records, more accurate and efficient medical care can be provided," said Lee. "For instance think of an unconscious individual who can be identified without using any of the traditional forms of documentation and subsequently linked to their medical records."

The key, says Lee, is that biometrics can be the deciding access control factor on whether to allow access to electronic health information. And it works as an identity and access solution whether or not those medical records are stored on a smart card that the patient keeps, or whether it's stored in a centralized medical database that can only be accessed by 1) a known health provider, or 2) the individual him or herself.

"While biometric implementations in the healthcare sector can be driven by legislation, the real success of biometrics in such applications tends to be predicated on application-specific business cases," concluded Lee. "This has to be based on the calculations of the costs associated with current practices, as well as the costs to integrate and deploy these biometric technologies, and the degree to which biometrics can reduce or eliminate deficiencies in current practices and the degree to which biometrics will introduce new complications or deficiencies.