The document discusses biometric authentication systems for healthcare and evaluates different methods for accessing electronic patient records securely. It analyzes palm vein scanning, fingerprinting, and iris scanning based on factors like accuracy, hygiene, cost and usability. Palm vein scanning was found to be the most accurate, hygienic and cost-effective method as it does not require physical contact and has a very low false acceptance rate.

1. Biometric Authentication Systems in Healthcare Amir Ahmed and Bharath Perugu The University of Texas at Austin Health Information Technology Fall Certificate Program 2011 Discussion/Conclusion Healthcare providers must ensure efficient management of sensitive patient data. In addition, patient records should be accessed by authorized personnel only on a “need to know” basis 2 . The increased adoption of electronic health records (EHRs) has prompted vendors to improve the robustness of the privacy and security of their systems. Federal agencies have also taken positions regarding security of patient data. Since its inception, the Health Insurance Portability and Accountability Act (HIPAA) has increased patient privacy and security. The Centers for Medicare and Medicaid Services (CMS) encourages the use of two-factor authentication when accessing ePHI 3 . Additionally, the Federal Trade Commission (FTC) has required healthcare organizations to comply with the Identity Theft Red Flag regulations, as found in the Fair and Accurate Credit Transactions (FACT) Act 4 . However, patient data are still subjected to unauthorized access, both intentionally and unintentionally, on a frequent basis. Recently, Tricare- the managed care arm of the Military Health System- announced that five million records containing electronic protected health information (ePHI) were illegally breached 1 . Biometric authentication systems (BAS) could help healthcare providers in fulfilling the FTC mandate, as well as decrease the opportunity of illegal access to ePHI. Therefore, the purpose of this research poster is to investigate the best possible biometric authentication method for accessing health records, based on cost, hygiene, usability, anti-forgery, and accuracy. Napua reviewed different biometric methods and compared them for accuracy and usability, as shown in Figure 1 4 . From Napua ’s results, we selected three methods (palm vein authentication as shown in figures 2 and 3, fingerprint authentication as shown in figure 4, and Iris authentication as shown in figures 5 and 6), and compared them across five factors (accuracy, hygiene, cost, usability, and anti-forgery) that should be considered when choosing a BAS. These factors were common throughout the research articles we studied. The three methods were chosen because they were ranked moderate to high on usability. We then ranked each biometric method against the five factors on a low-medium-high scale, as shown in Table 1. The research by Malki showed that palm vein patterns (Figure 2) are recognized with a 99.45% accuracy rate, within 100 milliseconds scan-to-identification time 5 . The false rejection rate (FRR) is less than 0.01%, and the false acceptance rate (FAR) less than 0.00002% 5 . We researched scientific articles using Google Scholar, PubMed, and Science Direct. The keywords we used were “biometrics”, “iris scanning”, “biometric authentication”, “ePHI”, “palm vein scanning”, and “biometrics in healthcare”. We reviewed, and selected from, the first 25 articles of every search query that were published within the last six years. We also reviewed the website of the United States Department of Health and Human Services, as well as current news articles. 1 Versel, N. (2011) Information Week Healthcare. http://www.informationweek.com/news/healthcare/security-privacy/231700161 2 Hewitt, B. (2010) ‘Exploring how security features affect the uses of electronic health records’, International Journal of Healthcare Technology and Management, Vol. 11, Nos. 1/2, pp. 31-49. 3 Search for reference 4 Napua, J. (2011) ‘Growth of Biometric Technology in Self-Service Situations’, Fujitsu Science & Technical Journal , Vol. 47, No.1, pp. 68-74. 5 Malki, S., Spaanenburg, L. (2010) ‘CBAS: A CNN-based Biometrics Authentication System’, International Workshop on Cellular Nanoscale Networks and their Applications (CNNA) , pp. 1-6. 6 Watanabe, M., Endoh, T., Shiohara, M., Sasaki, S. (2005) “Palm vein authentication technology and its applications”, Proceedings of the Biometric Consortium Conference. Table 1: Comparison of Major Biometric Methods Figure 1: Comparison of palm vein and other technologies 4 In this poster, we performed a review of the literature to determine the best possible biometric authentication method for accessing health records, based on cost, hygiene, usability, anti-forgery, and accuracy. We found that each BAS has certain advantages and disadvantages that affect its usability in a healthcare setting. Fingerprint identification is the least expensive method, but since this method requires physical contact of the finger to the print reader, it is less hygienic. Also, fingerprints are subject to damage, which can prevent the accuracy of patient identification. Iris scanning is the one of the most accurate BAS available. However, while iris scanning is contact-free, allowing a high level of hygiene, it is the most expensive methodology. In palm vein authentication, as shown in Figure 3, there is no contact between the subject and authentication device. The lack of physical contact between the two helps ensure hygienic standards, which is important in the healthcare setting. When comparing all factors listed in Table 1, we conclude that palm vein scanning is the method that offers a cost-effective, overall high level of accuracy, hygiene, usability, and security. Palm vein BAS is recognized as a two-factor authentication system in the United States and 26 other countries. In Japan, it has been implemented with great success in many industries, such as finance 6 . This technology is suitable for healthcare because it offers a robust and secure method for dealing with patient identification. In Springfield, Illinois, the Springfield Clinic has already implemented a palm vein BAS in self-service kiosks that allow patients to verify their identity, speed-up the check-in process, update patient records, and make co-payments 4 . Based on our research, palm vein scanning is ideal because it offers an easy-to-use, hygienic method, while ensuring identification integrity. Amir Ahmed: aahmed99@gmail.com; (512) 736-3319 Bharath Perugu: bharath.perugu@gmail.com; (512) 632-4236 We thank Dr. Leanne Field, Dr. Kimberly Smith, Mr. Robert Ligon, Dr. Diane Kneeland, and Dr. Richard Nauert for their guidance, support, and helpful suggestions in creating this poster. Despite the different rules and regulations put in place to ensure the protection of electronic protected health information (ePHI), there are still many instances where data breaches occur. We performed a review of the literature to determine the best possible biometric authentication method. We considered eight methods, and evaluated three based on five selected factors. Based on these factors, we found that palm vein scanning was found to be the most accurate, hygienic, and cost-effective biometric authentication method. Acknowledgements References Contact Information Results Abstract Introduction Methods Figure 2: Palm Vein Pattern Figure 3: Palm Vein authentication device Figure 5: IRIS authentication device Figure 4: Finger Print authentication device Figure 6: IRIS Pattern