Healthcare Directors Sound off on Biometrics and HIPAA Usage

"Biometrics technology, which some provider organizations view as an attractive way to meet HIPAA security rule user authentication requirements, is ready for widescale adoption in the health care industry. Do you agree or disagree?"


Evelyn Elliott, Director of Pharmacy, Kern Medical Center, Bakersfield, Calif. -- "We have been using fingerprint recognition to access our automated medication dispensing devices for more than two years now. It is a very stable platform and has performed very well. It is one of the foundations of our security plan for medications. Users cannot argue that someone 'stole' their password."

Kathy Runyon, Senior Management Information Systems Analyst, Santa Clara Valley Health & Hospital Systems, San Jose, Calif. -- "Biometrics products have become more cost-effective in the last few years and are a good method for authentication and access, especially for portable devices. Laptop computers now are in common use in health care and contain protected health information. However, laptops are easily lost or stolen and thus must have additional safeguards."

Gregg Martin, CIO, Arnot Ogden Medical Center, Elmira, N.Y. -- "The reasons why most in this poll feel that biometrics is not ready for prime-time use in health care likely is more a reflection of cost and cultural issues than technological ones."

Wayne Singer, Senior Vice President, eMedicalFiles Inc., Goose Creek, S.C. -- "The biometrics process of fingerprints is more than ready for prime time. But I feel people are confused for two reasons. We can use fingerprints to allow people to prove who they are, a process not to be confused with the crime scene method of finding out who owns the prints. Also, we can keep the information with us and do one-to-one matches, as opposed to the one-to-many databases approach, thus avoiding the 'Big Brother' concern. Other forms of biometrics are not ready for mass deployment, but finger imaging is ready."

Vineta Bhalla, M.D., Singapore -- "Biometrics, applied in an effective way, can do what other privacy protection technologies were limited in doing, especially since limiting factors such as public/private keys, personal identification numbers and personal identification chips will not be an issue for authentication. Moreover, the consent issue also will be greatly resolved as long as there is a witness to biometrics authentication."

Alfredo Puga, Regional Technician, TRISUN Healthcare, San Antonio -- "I believe the technology is ready, but users are not. Education and support from upper management is the key ingredient, and don't forget follow-up. If we can educate our staff on the benefits the technology can provide, it makes it much easier to implement. "


Ross Leo, Director and Chief Security Officer, UTMB Managed Care, Galveston, Texas -- "Biometrics technology has been proven effective in several different environments. It is a mature technology, although still evolving in terms of its accuracy, reliability and overall performance. This part of the question is easily answerable, but does not represent the actual problem with its adoption. The problem is workforce acceptance. In health care, the introduction of a new technology of this nondiagnostic/nontreatment/nonbillable type means a modification to the workflow of nearly everyone. Anything that modifies the workflow of doctors and nurses, unless introduced very carefully, faces an uphill battle to achieve acceptance. Health care workers are surrounded by technological wonders, but these are routinely associated with diagnosis or treatment. Biometrics devices are not used in these ways. That means the organization cannot bill for them or their usage, and there is no way to meaningfully measure return on investment. When entities employ such things, it is usually in response to external stimuli, such as legal, accreditation or compliance issues. Basically, it means there will be costly trouble if this is not employed. But as long as the risk remains nebulous and the cost of this technology remains high, the entity will far more often opt to accept the risk and not introduce the technology. Biometrics can be done. I am doing it now and am achieving success, but it has not been without challenges."

Dwyane Moehl, Project Director, Northwestern Memorial Hospital, Chicago -- "Biometrics for HIPAA security is not ready. Vendors need to build a standard approach for authentication. Also, the authentication methods will need to be determined by each clinical unit. For example, the operating rooms may require different technology than a medication unit."

Cinny Tinsley, PACS Administrator, Anne Arundel Health Systems, Annapolis, Md. -- "While testing biometrics devices in I.T. (we tend to be the organizational guinea pigs), we tried different devices. Fingerprint scanners worked well for some, but not everyone. There was enough variation in the success rate that I feel it would be a problem to roll it out to the floors. We also tested iris scanners, which work but are slow."

Arlene Lepper, Compliance Officer, Placentia Linda/San Dimas Community Hospitals, Calif. -- "Biometrics technology is ready for widespread adoption, but health care organizations are not ready to adopt the technology. When money is tight and prioritization of resources is a must, biometrics is way down the list of needs."

Armand Gonzalzles, M.D., Medical Director, Riverpoint Pediatrics, Chicago -- "Fingerprint security or retinal scan security are certainly the benchmarks for secure access to computerized data. The technology, however, will not prevent server break-ins, and will not prevent staff from leaving patient Social Security numbers in trash cans. Most physician offices do not have electronic medical records systems and many outsource their billing, so the most common form of identity theft is not from computerized data, but from negligence."

Dan Fitzpatrick, Vice President of Sales and Marketing, Flo Healthcare, Norcross, Ga. -- "The technology is not keeping pace with the bad guys' ability to work around it. Users will not modify their workflow to accommodate an extra step to getting at their data. Also, it is seen as yet another thing that is keeping nurses from spending more time with their patients."