Inadequate regulations, standards a problem for health care biometrics, says study

Interviews with 12 U.S. health care and biometrics technology insiders show a high level of sophistication when it comes to devising industry-appropriate authentication strategies. But the insights all face the same roadblocks – national policy inertia and lagging standards.

The interviews lie at the core of a new Pew Charitable Trusts study about eliminating patient records mismatches, which can result in injury and unnecessary expense.

Most if not all new chapters in information technology – including electronic health records — have been billed as the answer to medical records confusion with follow-on gouts of investment.

The study indicates that the health care market has a nuanced view of what is needed to reduce errors and better protect (or at least recognize the risks to) patient privacy. It also is honest about how regulation and standards could render this discussion academic.

Among the interviewees was ID.me CEO Blake Hall; Jeremy Grant, a managing director at law firm Venable; and executives from insurer Aetna, iris biometrics vendor EyeLock and regional health care provider Terrebonne General Medical Center.

Through these discussions and work group sessions with a larger circle of industry and technology insiders, Pew came up with five shared insights.

First, face biometrics are optimal for this industry. The technology works without physical contact and is comparatively inexpensive. They recognized that face scanning also means risk to equity, privacy and data.

Match on device is another optimal choice, according to the report, even considering a degree of logistical and accessibility gaps.

Third, biometrics should not be a sole point of authentication. It should enhance patient-record matching, being used with demographic information.

The final two items the panel found consensus on show how tenuous the industry’s control of its patient-matching future is.

The interviewees say national policies and standards are needed in order to fold together patient data from the various health care providers patients visit and the various electronic health records of each provider. The solution to this puzzle must not be proprietary or dependent on proprietary systems.

Finally, all felt all biometric standards have to first address patients’ rights. Their data must be collected only after getting informed consent that spells out precisely how the data can be used.

Article Topics

biometrics  |  data privacy  |  digital identity  |  face biometrics  |  healthcare  |  patient identification  |  regulation  |  standards