Securing personal electronic health records with a patient's heartbeat
Biometrics, the analysis of physical features for identification and access control, has typically relied on facial, fingerprint and iris recognition to secure computer systems. However, researchers have devised a novel way to protect personal electronic health records using a patient’s own heartbeat.
According to Zhanpeng Jin, assistant professor in the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, electrocardiograph (ECG)—a measurement of the electrical activity of the heart—is a unique feature that can be used to differentiate individuals.
While traditional security measures such as cryptography and encryption can be expensive, time-consuming and computing-intensive, Jin and his colleagues have encrypted patient data using a person’s ECG to protect sensitive personal health information in EHRs.
Last month, the researchers presented their findings in a new paper, entitled “A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems,” at the IEEE Global Communications Conference in Washington. Assistant Professor Linke Guo and Associate Professor Yu Chen, along with PhD candidates Pei Huang and Borui Li, are co-authors of the paper.
“ECG is one of the most important data that physicians need to look at to evaluate patient health,” says Jin. “At the same time, ECG data can also be used as unique biometrics and as an encryption key for electronic health records.”
Because ECG signals are one of the most common physiological parameters collected for clinical diagnosis and transmitted through networks to EHRs, he contends that reusing the ECG signals for data encryption is a simple, available and cost-effective solution for enhancing the security and privacy of patient records.
Nonetheless, Jin acknowledges that there are also drawbacks to ECG encryption that are distinct from other biometric technology. He points out that an ECG may change because of age, illness or injury, and as a result is inherently more susceptible to variations than other “fixed pattern” biometrics such as fingerprint and iris. As a result, Jin says researchers at Binghamton University are currently working out ways to incorporate those variables.
“ECG as a biometric has some advantages and disadvantages,” Jin concludes. “The advantage is that ECG is more secure than existing biometrics like fingerprint and iris. The disadvantage of ECG is that it varies due to age as well as physical activities and disease, which is why it has not been widely used as a biometric.”