Biometrics

Biometrics is the study of automated methods for uniquely recognizing humans based upon physical or physiological characteristics of the individual to provide access to sensitive data. This is a replacement for the traditional login-password combination. Biometrics can be used as a single-factor authentication or combined authentication with other features.

Contents 1 Biometric authentication 1.1 EMR and Biometrics Integration 1.2 Biometric Methods 2 Ocular biometrics 2.1 Iris Scans 2.2 Fingerprint Recognition 2.3 Facial Recognition 2.4 Facial Recognition Technology 2.5 Methods of Facial Recognition 2.6 Research and Application 2.7 Operation and Performance 2.8 Benefits of Biometrics 2.9 Problems with Biometrics 2.10 Active Directory Integration 2.11 References

Biometric authentication

• Handprint: like the facial it measures the distance and angle of different features in your hand. these measures are unique for the individual.
• Signature: it provides a secure manner because there is no possibility for forgering a signature's pattern. it measures speed and pressure at distinctive points of the signature. maybe two signatures can be the same, but the speed and pressure is different between two people.
• Voice: voice pattern is recorded between individuals, however, it's not too accurate given that a sore throat can modify your voice pattern substantially enough for the system to not recognize it.

While some methods are more accurate than others, some require more expensive hardware to achieve this procedure. other methods take a relatively long time to authenticate, which might not be practical in fast-paced context like an Emergency Room. the most popular currently as of 2010 is the fingerprint authentication

Other uses that are been tested for this technology involves analyzing patterns of behavior based on previously stored data. i.e: a system can identify a tired employee based on the pressure patterns of his signature comparing it with the stored data of it.

EMR and Biometrics Integration

Biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for most often used with an electronic medical record (EMR). In healthcare, the most common physical characteristics include eye and facial patterns with behavioral characteristics include signature and voice.

Biometric Methods

The consensus is that iris scans are superior for accuracy, followed by fingerprint scans. Hand and facial geometry, voice and dynamic signatures generally rank much lower except for the newer technologies which are designed with healthcare in mind and consider environmental conditions as part of the biometric matching.

Ocular biometrics

Ocular biometrics is currently comprised of two techniques: iris scanning and retinal scanning. In each case, the uniqueness of the anatomical architecture of iris and retinal tissues provides the ability to achieve accurate user identification.

Iris or retina: it even more distinctive for individuals, even twins will have different iris patterns. However, hardware is expensive for this type of identification.

Iris Scans

Iris scans are currently the "gold standard" for biometric accuracy. Critics, however, are likely to mention that people get edgy when asked to position their eye near any device. Critics are thinking of retinal scans, which require closer proximity (2-4 inches) to a camera and a quick, concentrated beam of light. Iris scans can be performed from farther away at a distance of up to 3 feet.

Fingerprint Recognition

Fingerprint recognition is becoming even more common as many laptops incorporate fingerprint readers into the standard laptop package. Even the new UMPC is being offered with fingerprint recognition.

• Fingerprint: the thumb fingerprint is easy to use, each fingerprint is unique among population. uses small devices

Facial Recognition

Facial recognition was first implemented for identifying people of interest in large crowds. The government and casinos were the most common users. Some new facial recognition vendors have focused on the privacy and security necessary to be used in healthcare. Facial recognition's continuous authentication creates a nice framework for ensuring security of clinical workstations. It also paves the way for true single sign on.

• Face: for identifying the layout of facial features measuring the distance and angles between each.

Facial Recognition Technology

is a type of biometrics that uses mathematical algorithms to reduce a facial image to numeric data that can be compared to stored numeric data representations of known faces. Findings are represented as a percentage match against the knowns.

All facial recognition technologies use the same basic sequence of actions: Obtain the image, Locate the face in the image, Generate a template from the image using the facial recognition software, Compare to stored templates in database, Determine positive matches, and Declare the matches. This can be done manually or automatically in real time or asynchronously. There are 3 methods used: Holistic, Feature-based, and Hybrid.

Methods of Facial Recognition

Holistic methods use the eigenface technique of PCA(principle component analysis) to reduce a facial image to a little more than 100 different characteristics that are assigned mathematical weights using a unified face created by a training database. Known image's features are given weights against the training database's unified facial representation(or eigenface). Unknown's features are then assigned weights and the weights are compared to the known faces. There are several other holistic methods, but they all represent variations on eigenface using somewhat different mathematical methods, e.g. Fisherface using FLD. Holistic methods allow real-time facial recognition as they can dynamically identify all the faces in a crowd, normalize them for comparison, reduce them to a mathematical representation, and compare them to a database of known faces.

Feature-based Methods use the distances between features expressed as a ratio to a central point. These were the original methods of facial recognition. Originally done manually and asynchronously, several variations in this category have been automated. Hybrid Methods combine Holistic and Feature-based methods to improve yield. Most proprietary systems currently are Hybrids.

Research and Application

Facial recognition has been tried in the field(Tampa,England,Logan Airport,etc) with mixed results since the breakthrough discovery of PCA and the eigenface technique in the early 90s. The FERET database of known faces was developed with DARPA funding in the 90s to allow benchmarking for the comparison/evaluation of new systems. 3 FRVTs(Facial Recognition Vendor Tests) and a FRGC(Facial Recognition Grand Challenge) have occurred since then with very active research underway. There are many vendors and types of proprietary systems available and under development. It is a nearly ideal biometric for law enforcement and counter-terrorism as it can be done covertly and in real time. It has a role in health care for biometric login authentication.

Thomas Carr

A facial biometric company is FastAccess.

Operation and Performance

All of these technologies involve sensitivity trade-offs. Set sensitivity high and scanners will keep out people you want to keep out, but they'll probably also keep out some who should be allowed in. In healthcare this could mean preventing access to a critical patient's record. Set sensitivity low and fewer authorized people will be denied access, but so will fewer unauthorized people. This creates a large HIPAA violation.

These tradeoffs in performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non match or reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percent of invalid users who are incorrectly accepted as genuine users, while the FRR measures the percent of valid users who are rejected as impostors. In real-world biometric systems the FAR and FRR can typically be traded off against each other by changing some parameter.

Benefits of Biometrics

• Speed of Login Biometrics is significantly faster than a password login.
• Unique Identifier for Patients In order to avoid duplicate patients in your system a biometric match with previous patients can be used.
• Lost Passwords Costs of managing lost passwords is almost completely removed with biometrics.
• Digital Signatures Biometric authentication can be used to digitally sign electronic documents found in EMR systems. These can range from consent forms to prescriptions to privacy agreements.

Medical identity theft has become an increasing trend on these days. Many reported incidents of stealing private sensitive data for stealing credit card information or to access confidential sensitive data.

Problems with Biometrics

• Register Biometric Identity In order to recognize your biometric identity you must register your identity. Some biometric registration is done over time during login, but it still requires storing your biometric data in order to recognize you in the future.

• Solution or Substance on Your Hands Healthcare clinicians are often coming in contact with various solutions that make biometrics unable to recognize you. Lotion on your hands is one example using fingerprint authentication.

• Speed of Recognition If you move to quickly you won't be recognized by the biometric scanner. While still faster than a password this causes relative frustration.

• Remove Gloves Gloves or other equipment may make you unable to use various biometric authentication.

• Physical Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.

• Personal Information There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.

Active Directory Integration

Most biometric devices can be integrated with active directory to easily manage users and profiles across multiple workstations. There are two possible methods of active directory integration with biometrics. A very common practice is to extend the schema to include new biometric attributes. After extending the schema this change can never be undone. The other method is to use existing active directory attributes for authentication.

Another new feature of biometrics directed to healthcare is shared/kiosk workstations. Active directory integration is usually necessary to create a shared workstation environment with proper security and prevent time spend logging on and off windows.

According to Robert Seliger, CEO of Andover, Mass. based Sentillion, healthcare uses fingerprint scanning for user authentication more than any other industry.* Healthcare’s abundant use of biometric authentication can be attributed in large part to the HIPAA security rule and the decrease in the cost of implementing biometrics. Additionally, healthcare organizations look to biometrics to decrease overall time spent to repeatedly logon to clinical information systems.

Given healthcare’s appetite for biometrics, it is advisable that informaticians stay informed about emerging biometric technologies as well as understand the pros and cons of the various biometric options. Western Carolina University has made this a little easier by hosting a web site that provides both general and specific information about biometric technologies.

http://et.wcu.edu/aidc/BioWebPages/Biometrics_Home.html[1].

General information about the history, current uses and future possibilities in biometrics are available from the home page as well as information about the technical aspects. These same categories of information along with vendor links are available for individual biometric technologies, for example iris scanning and signature identification. Possibly the most interesting component of the site is the review of emerging biometric technologies. It is here were one can learn that scientists are attempting to use body odor and body salinity as biometric identifiers. If reviewing all these areas of the web site leave questions unanswered, links to additional information are located on the home page.

• Andrews J. Biometrics leaves imprint on healthcare. Healthcare IT News. http://www.healthcareitnews.com/story.cms?id=4916#ResourceCentral [2] May 1, 2006.

References

1. EMR and Biometrics
2. Wikipedia: Biometrics
3. Biometric Devices Enable Secure Authentication [3]
4. A PRIMER ON BIOMETRIC TECHNOLOGY [www.rand.org/pubs/monograph_reports/MR1237/MR1237.ch2.pdf]