All too often, people are victims of identity theft. Less common, but perhaps more dangerous, is the growing trend of medical identity fraud. According to an FTC report, three percent of all identity theft victims in 2005 were victims of medical identity theft — which means of the 8.3 million ID theft victims that year, approximately 250,000 people were victimized by medical identity theft. Victims do not normally realize that they have been victimized — unless they get a hospital bill for a procedure they never received.
What is even more troubling, however, is that doctors might make incorrect diagnoses based on data from the identity thief's medical history. It may take years for a victim to clear his or her medical record of incorrect data, and HIPAA, which is designed to protect patient privacy, can work against victims if their files contain someone else's medical information.
For example, Anndorie Sachs is a medical identification theft victim. Another woman stole her driver's license and gave birth using her name, leaving her with $10,000 in hospital fees. To make matters worse, the woman abandoned the newborn baby in the hospital, and the child later tested positive for methamphetamine. Afterwards, an agent from the Utah Division of Child and Family Services notified Sachs that she was putting together paperwork to take custody of Anndorie's four children, then ages two to seven. In the end, the false accusations were dropped, but Sachs' medical record had been altered to include the blood type of a complete stranger, putting her at risk for future treatments, especially since she has a blood-clotting disorder. If she were administered the wrong type of blood, it could be fatal for her.
Clearly, patient identification relates directly to patient safety, which is a number-one priority for hospitals. In recent years, biometric technologies have emerged as solutions to not only protect medical records from being tampered with, but also to accurately identify patients. Biometric technologies, however, present several challenges.
Biometric technology deals with the human body, and tends to be intrusive. Some people are not comfortable providing a fingerprint or standing in front of a device exposing their eyes to some unknown emission. Additionally, because the human body and the nature of biometrics that deal with physiological factors are unique, some biometric technologies statistically cannot be applied to certain users. In fact, it is said that two to eight percent of the U.S. population cannot successfully interface with today's fingerprint technology. Some users' fingerprints are too thin and others have been exposed to harsher elements where the skin has become too worn or dry to be read accurately. Even when a user can successfully interface, their body is always subject to changes for which the technology cannot account for. Some factors as simple as paper cuts, for example, can throw off certain fingerprint biometric systems.
Another important issue is accuracy. Although biometric identification is known to be an accurate method of identifying people, no single biometric technology can guarantee 100 percent accuracy. Vendors are competing with one another by attempting to get close to a zero error rate. Though fingerprint biometric technology is widely deployed, most of these technologies present some accuracy issues. In many cases, they may be good enough for certain applications limited to personal use (for example, laptops and PDAs). But other, more critical, enterprise applications require consistently accurate technologies. Iris scanning technology is one of the most accurate biometric technologies today, but it is not easy to deploy. It's also an intrusive technology to many people, and is highly cost prohibitive to the average organization.
The final major stumbling block is ease of deployment. In the biometrics field, some vendors only provide sensors, some provide just the middleware and some provide only software. This leads to an integration-intensive security project for most IT departments, where they want a product that will work right out of the box and will easily work with existing IT systems.
Turning to palm reading
In recent years, palm-vein pattern recognition technology, also referred to as “vascular recognition,” has been refined to meet these concerns. The underlying technology of palm-vein biometrics works by extracting the characteristics of veins in the form of an image. The image is captured by a high performance sensor that maps the deoxygenated hemoglobin running through someone's veins.
Deoxygenated hemoglobin absorbs near-infrared rays. In practice, a sensor emits these rays and captures an image based on the reflection from the palm. As the hemoglobin absorbs the rays, it creates a distortion in the reflection light so the sensor can capture an image that accurately records the unique vein patterns in a person's hand. The recorded image is then converted to a biometric template — a numeric representation of several characteristics measured from the captured image, including the proximity between veins. This template is then used to compare against a user's palm scan each time they authenticate.
This technology is non-intrusive: There is no need to physically touch the sensor. All users must do is to hold their hand above the sensor for less than a second.
The method is also highly accurate. The International Biometrics Group (IBG), which evaluates all types of biometrics products through comparative testing, found that palm-vein technology was on par with iris scan biometrics in accuracy ratings.
Palm-vein recognition technology is significantly less expensive than iris scanning technology. In fact, the only biometric solution less expensive than palm-vein authentication is fingerprint recognition.
For health care organizations, effective palm-vein recognition solutions enable accurate identification of patients, enabling them to quickly retrieve their electronic medical records when they check into a hospital. This eliminates the potential human error of pulling the incorrect record, and helping to protect patients from identity fraud attempts.
Until now, there has been no biometric technology that can achieve the highest levels of security and usability at a reasonable cost. Palm-vein recognition hits that sweet spot of biometrics between security, cost, accuracy and ease of use that make it an optimal physical and IT access control solution for health care organizations.
What is even more troubling, however, is that doctors might make incorrect diagnoses based on data from the identity thief's medical history. It may take years for a victim to clear his or her medical record of incorrect data, and HIPAA, which is designed to protect patient privacy, can work against victims if their files contain someone else's medical information.
For example, Anndorie Sachs is a medical identification theft victim. Another woman stole her driver's license and gave birth using her name, leaving her with $10,000 in hospital fees. To make matters worse, the woman abandoned the newborn baby in the hospital, and the child later tested positive for methamphetamine. Afterwards, an agent from the Utah Division of Child and Family Services notified Sachs that she was putting together paperwork to take custody of Anndorie's four children, then ages two to seven. In the end, the false accusations were dropped, but Sachs' medical record had been altered to include the blood type of a complete stranger, putting her at risk for future treatments, especially since she has a blood-clotting disorder. If she were administered the wrong type of blood, it could be fatal for her.
Clearly, patient identification relates directly to patient safety, which is a number-one priority for hospitals. In recent years, biometric technologies have emerged as solutions to not only protect medical records from being tampered with, but also to accurately identify patients. Biometric technologies, however, present several challenges.
Biometric technology deals with the human body, and tends to be intrusive. Some people are not comfortable providing a fingerprint or standing in front of a device exposing their eyes to some unknown emission. Additionally, because the human body and the nature of biometrics that deal with physiological factors are unique, some biometric technologies statistically cannot be applied to certain users. In fact, it is said that two to eight percent of the U.S. population cannot successfully interface with today's fingerprint technology. Some users' fingerprints are too thin and others have been exposed to harsher elements where the skin has become too worn or dry to be read accurately. Even when a user can successfully interface, their body is always subject to changes for which the technology cannot account for. Some factors as simple as paper cuts, for example, can throw off certain fingerprint biometric systems.
Another important issue is accuracy. Although biometric identification is known to be an accurate method of identifying people, no single biometric technology can guarantee 100 percent accuracy. Vendors are competing with one another by attempting to get close to a zero error rate. Though fingerprint biometric technology is widely deployed, most of these technologies present some accuracy issues. In many cases, they may be good enough for certain applications limited to personal use (for example, laptops and PDAs). But other, more critical, enterprise applications require consistently accurate technologies. Iris scanning technology is one of the most accurate biometric technologies today, but it is not easy to deploy. It's also an intrusive technology to many people, and is highly cost prohibitive to the average organization.
The final major stumbling block is ease of deployment. In the biometrics field, some vendors only provide sensors, some provide just the middleware and some provide only software. This leads to an integration-intensive security project for most IT departments, where they want a product that will work right out of the box and will easily work with existing IT systems.
Turning to palm reading
In recent years, palm-vein pattern recognition technology, also referred to as “vascular recognition,” has been refined to meet these concerns. The underlying technology of palm-vein biometrics works by extracting the characteristics of veins in the form of an image. The image is captured by a high performance sensor that maps the deoxygenated hemoglobin running through someone's veins.
Deoxygenated hemoglobin absorbs near-infrared rays. In practice, a sensor emits these rays and captures an image based on the reflection from the palm. As the hemoglobin absorbs the rays, it creates a distortion in the reflection light so the sensor can capture an image that accurately records the unique vein patterns in a person's hand. The recorded image is then converted to a biometric template — a numeric representation of several characteristics measured from the captured image, including the proximity between veins. This template is then used to compare against a user's palm scan each time they authenticate.
This technology is non-intrusive: There is no need to physically touch the sensor. All users must do is to hold their hand above the sensor for less than a second.
The method is also highly accurate. The International Biometrics Group (IBG), which evaluates all types of biometrics products through comparative testing, found that palm-vein technology was on par with iris scan biometrics in accuracy ratings.
Palm-vein recognition technology is significantly less expensive than iris scanning technology. In fact, the only biometric solution less expensive than palm-vein authentication is fingerprint recognition.
For health care organizations, effective palm-vein recognition solutions enable accurate identification of patients, enabling them to quickly retrieve their electronic medical records when they check into a hospital. This eliminates the potential human error of pulling the incorrect record, and helping to protect patients from identity fraud attempts.
Until now, there has been no biometric technology that can achieve the highest levels of security and usability at a reasonable cost. Palm-vein recognition hits that sweet spot of biometrics between security, cost, accuracy and ease of use that make it an optimal physical and IT access control solution for health care organizations.
