A New Application for Biometrics

Zack Martin,
Managing Editor
Health Data Management Magazine, December 1, 2007

Carolinas HealthCare System, with 19 hospitals and 150 clinics, is a sprawling enterprise that needed to improve its processes for quickly and positively identifying patients, and linking them to the correct electronic health record.

The delivery system was enamored with the idea of using biometric technology because of its ease of use and reliability. But it took three years of searching to come up with the right biometric solution, says Jim Burke, director of information systems at Carolinas HealthCare System. Burke looked at biometric systems that use the voice, fingerprint or iris to confirm identity, but he didn't think any of those options fit the provider's needs in terms of reliability, cost and usability.

The delivery system ultimately settled on PatientSecure, a biometric system that uses the veins in the palm to confirm identification. The technology is from Sunnyvale, Calif.-based Fujitsu Computer Products of America Inc. and Tampa, Fla.-based HT Systems. To use the new technology, patients hold their hand above a scanner. A positive ID automatically brings up the patient's EHR.

One of the primary drivers for deploying a biometric solution was Carolinas HealthCare's implementation of an EHR and its desire to properly tie the patient to the correct record, Burke says. The provider is deploying an EHR from Cerner Corp., Kansas City, Mo., at all its sites.

Biometric technologies have been used for decades in law enforcement to identify criminals. But use outside of law enforcement is relatively new. And some early adopters regret the decision to use biometrics because it can be difficult to use and unreliable.

After the Sept. 11, 2001 terrorist attacks, public sector interest in biometrics picked up. Government projects that use biometric technologies to authenticate all federal employees, have pumped money into the industry, which, in turn, has increased the reliability of the systems and made them more affordable.

Health care, however, still hasn't embraced biometrics, says Dana Marohn, a senior consultant at the International Biometrics Group, a New York-based research and consulting firm. IBG estimates the sale of biometrics in health care at $84.6 million in 2007, but it predicts sales will grow to $284.2 million by 2012, Marohn says.

As electronic health records become more pervasive, the use of biometrics will also become more widespread in health care, Marohn says. Biometric technologies are best suited for providing definitive identification of patients to ensure caregivers use the right record, she argues.

The most common type of biometrics technology used in health care is fingerprint scanning (see story, page 49). Many fingerprint-scanning products are on the market, and the cost of these is relatively low compared with other biometric options.

In most cases, health care organizations are using fingerprint scanners and other biometric options as a substitute for user names and passwords to identify caregivers before they access information systems.

But some organizations, including Carolinas HealthCare System, are breaking new ground, using biometric technologies to identify patients at the point of admission.

The palm vein recognition technology used at Carolinas HealthCare System is one of the newest biometrics options. The technology is particularly appealing in health care because the user doesn't have to touch the scanner, minimizing the risk of picking up an infection.

The concerns about infections, as well as concerns about whether fingerprint scanners would wear out because of repeated cleanings, were important factors in Carolinas' decision to use palm vein recognition.

How It Works

Vein recognition technology uses near-infrared light to capture an image of the blood flowing through veins in the hand. The blood absorbs the light and causes the veins to appear as black patterns. An algorithm then calculates the distances between the veins and creates an identification number specific to that pattern. That number is then stored and used to identify the patient and the original vein pattern image is discarded.

Carolinas employees designed a 6-pound white cradle that houses each scanner, making it durable enough to withstand numerous patient interactions each day. Each cradle has two protruding stainless steel rods that fit on both sides of the middle finger to make sure the hand is in the correct position.

The patients don't actually touch the scanner; their hand lies slightly above it. The part of the cradle they do touch is constructed of anti-microbial material, which is easy to clean and limits the risk of infection.

Palm vein biometric technology has been used in automated teller machines and other banking applications in Japan and other Asian countries for several years.

The Patient Access Secure System, as Carolinas named it, is in use at most of its hospitals and will be rolled out to its group practices in the next year. The delivery system eventually expects to deploy 500 palm vein scanners at a cost of about $1 million, Burke says.

When patients first enroll in the system, they have a photo taken and provide their name, Social Security number, insurance information and other demographic data, Burke says. Then the patient places their hand above the scanner and a template is created.

Whenever a patient comes to a Carolinas facility, they provide only their date of birth, and then place their hand above the scanner to confirm their identity, Burke says.

The biometric application interfaces with the delivery system's enterprise master person index to gather the necessary information from various information systems, including the EHR. Carolinas uses an EMPI from Initiate Systems Inc., Chicago.

Burke is working on modifying the cradles so they can be placed on mobile computer carts. When patients are admitted to Carolinas Medical Center in Charlotte, they are taken directly to their room and registration is performed at the bedside. Equipping the computer carts with the palm vein scanner will make this process quicker.

The emergency department bays at all the delivery system's hospitals also will be equipped with the biometric technology to capture information at the bedside. Group practices using the technology will have a scanner at the front desk for use when patients come in for appointments.

So far, 26,000 patients, or 98% of those approached, have enrolled in the palm vein biometric system, Burke says. "If people don't want to do it, they don't have to," he says. "We've had very few questions from patients and very few who didn't want to enroll."

If a patient chooses not to participate, they have to provide their name, date of birth, Social Security number and other information every time they visit a facility.

The delivery system created handouts and posters at the hospitals that explain how the biometric system works and what it does.

Roger Ray, M.D., who practices at Carolinas Medical Center, appreciates the patient safety aspect that the technology offers. "There is great importance in properly identifying the patient," he says. "If there is a main benefit from the system it will be helping us avoid patient errors."

But there will be other benefits too, Ray predicts. "If we have a patient who has been to one of our facilities and they're unable to communicate, it gives us a shot at identifying them," he says.

"Most of the patients are put off by the registration process and this makes it easier," he says. "So there's a customer service element to it as well."

In another pioneering effort to use biometrics to identify patients, the state of Texas is using the technology in hopes of cutting Medicaid costs by avoiding fraud.

The Texas Health and Human Services Commission is using what it calls the "Front-End Authentication and Fraud Prevention System" to make sure only those patients eligible for Medicaid receive treatment through the government program. The system also helps ensure physicians are billing properly for services rendered, says Ted Hughes, a spokesperson with the state agency.

The state has enrolled 180,000 patients in three counties in the program. Participants are issued smart cards that store a fingerprint template-mathematical representations of the fingerprint.

The state expects to soon expand the program, which started in late 2005. EDS, Plano, Texas, is the system integrator for the project.

When a Medicaid patient shows up at a doctor's office, they confirm their identity with the card and fingerprint. The card is placed in a reader and the patient places their finger on a scanner to confirm they are the card owner.

When the patient's identity is confirmed, the system also performs an eligibility verification. The patient also presents the card when the appointment is completed. By scanning it again, the provider records information on how long the patient was with the doctor. This helps the state Medicaid program avoid paying too much for the visit.

Sidebar

The most common use of biometrics in health care is the application of fingerprint scanning for identifying clinicians accessing information systems.

For example, caregivers at Sutter Solano Medical Center, Vallejo, Calif., have been using a fingerprint scanning system for five years. The 110-bed hospital is using a single sign-on application and fingerprint scanners from DigitalPersona Inc., Redwood City, Calif.

To comply with HIPAA's data security rule, the hospital replaced its old approach to providing access to information systems, which proved cumbersome, says John Teymourian, network information systems administrator.

Clinicians formerly had issued generic user names and passwords to gain access to the computers, Teymourian says. Each caregiver assigned to a nursing station, for example, would use the same information to log in to the network. When accessing specific applications, such as lab systems, the caregiver would use their individual user name and password.

If each worker had his or her own user name and password it would have taken too long to access the network, Teymourian says. Plus, executives were concerned that adding passwords would lead to increased help desk costs and decreased productivity.

"It took five or six minutes for caregivers to login to the computer before," he says. "Now they walk up to the biometrics scanner and it unlocks the PC within 10 to 15 seconds."

The hospital has deployed more than 600 fingerprint scanners around the hospital on both the business and clinical sides, Teymourian says. Many of the scanners are attached to PCs at nursing stations, but some are also used on mobile computer carts and medication cabinets.

Some health care organizations are hesitant to use fingerprint scanners because caregivers often wear rubber gloves. Sutter Solano has found, however, that the scanners will still read a user's fingerprint if they are wearing non-powdered latex gloves, Teymourian notes.

The scanners have proven to be durable, Teymourian says, with relatively few replaced over five years.

Sidebar

Taking a risk on a first-generation technology can backfire. Executives at Eagleville (Pa.) Hospital learned this the hard way when they attempted to use iris scanning to regulate access to the organizations computer network.

Iris scanning has been a touted as a good technology for health care because, unlike fingerprint scanning, it doesn't require an individual to touch a device. All you have to do is stare into a camera. And while that sounds easy, it's not.

In 2002, Eagleville Hospital decided to install iris scanning biometric cameras to comply with the HIPAA data security rule. The camera takes a picture of the user's iris and maps various points, saving that information as a code.

The 318-bed hospital deployed 100 of the desktop cameras for staff members to use when logging onto its computer network. But three years later, they replaced the modern technology with old-fashioned user names and passwords, says Richard Mitchell, director of I.T.

Using the iris scanning system for the first time took up to 20 minutes, Mitchell notes, because the cameras were so sensitive to movement.

"And then once they were registered they wouldn't be able to sign on when they got back to their desk," he adds, again citing the problem with head movement.

"I would get two to three calls a day with people not being able to access the network."

When Mitchell called the vendor for support, he recalls, "They said we needed to upgrade our cameras."

Today, clinicians type in user names and passwords to access a number of homegrown applications and the Affinity hospital information system from QuadraMed Corp., Reston, Va.

While the iris scan didn't work out well, it doesn't mean the hospital has given up on biometrics, Mitchell says. Eagleville is considering a new time and attendance system that uses hand geometry biometrics technology. The scanner take a measurement of the individual's hand and uses that and a personal identification number to identify them.

For more information on related topics, visit the following channels:

• Data Security
• Hospitals
• Group Practices