Healthcare Directors Sound off on Biometrics and HIPAA Usage

Opposing viewpoints give insight into challenges, benefits of using this new technology in healthcare environment


Ross Leo, Director and Chief Security Officer, UTMB Managed Care, Galveston, Texas -- "Biometrics technology has been proven effective in several different environments. It is a mature technology, although still evolving in terms of its accuracy, reliability and overall performance. This part of the question is easily answerable, but does not represent the actual problem with its adoption. The problem is workforce acceptance. In health care, the introduction of a new technology of this nondiagnostic/nontreatment/nonbillable type means a modification to the workflow of nearly everyone. Anything that modifies the workflow of doctors and nurses, unless introduced very carefully, faces an uphill battle to achieve acceptance. Health care workers are surrounded by technological wonders, but these are routinely associated with diagnosis or treatment. Biometrics devices are not used in these ways. That means the organization cannot bill for them or their usage, and there is no way to meaningfully measure return on investment. When entities employ such things, it is usually in response to external stimuli, such as legal, accreditation or compliance issues. Basically, it means there will be costly trouble if this is not employed. But as long as the risk remains nebulous and the cost of this technology remains high, the entity will far more often opt to accept the risk and not introduce the technology. Biometrics can be done. I am doing it now and am achieving success, but it has not been without challenges."

Dwyane Moehl, Project Director, Northwestern Memorial Hospital, Chicago -- "Biometrics for HIPAA security is not ready. Vendors need to build a standard approach for authentication. Also, the authentication methods will need to be determined by each clinical unit. For example, the operating rooms may require different technology than a medication unit."

Cinny Tinsley, PACS Administrator, Anne Arundel Health Systems, Annapolis, Md. -- "While testing biometrics devices in I.T. (we tend to be the organizational guinea pigs), we tried different devices. Fingerprint scanners worked well for some, but not everyone. There was enough variation in the success rate that I feel it would be a problem to roll it out to the floors. We also tested iris scanners, which work but are slow."

Arlene Lepper, Compliance Officer, Placentia Linda/San Dimas Community Hospitals, Calif. -- "Biometrics technology is ready for widespread adoption, but health care organizations are not ready to adopt the technology. When money is tight and prioritization of resources is a must, biometrics is way down the list of needs."

Armand Gonzalzles, M.D., Medical Director, Riverpoint Pediatrics, Chicago -- "Fingerprint security or retinal scan security are certainly the benchmarks for secure access to computerized data. The technology, however, will not prevent server break-ins, and will not prevent staff from leaving patient Social Security numbers in trash cans. Most physician offices do not have electronic medical records systems and many outsource their billing, so the most common form of identity theft is not from computerized data, but from negligence."

Dan Fitzpatrick, Vice President of Sales and Marketing, Flo Healthcare, Norcross, Ga. -- "The technology is not keeping pace with the bad guys' ability to work around it. Users will not modify their workflow to accommodate an extra step to getting at their data. Also, it is seen as yet another thing that is keeping nurses from spending more time with their patients."