Biometric security authentication technology has been available for many years and adopted in many industries, including healthcare, to identify an individual’s name with a unique biological trait. This can include a fingerprint, iris scan, voice pattern, token or hand print, among other options.

This identifiable data traditionally has been stored on databases, which can be a very inviting target for malicious hackers, says George Avetisov, CEO at HYPR, a vendor of software that secures biometric authentication.

The vulnerability of biometric databases was on center stage when the federal Office of Personnel Management was hacked twice in June 2014, compromising data security of 21.5 million individuals as well as the fingerprints of 5.6 million people.

Now, the need for such large databases of identifying information is receding, as is the cost, because there’s a decentralized way of collecting and storing biometric data, making use of smartphones, which most people now have, Avetisov notes.

Working with vendors that store biometric data, a fingerprint can be created and matched against an existing print already on file to enable a healthcare worker to unlock a phone, laptop, tablet or desktop computer.

Also See: Securing personal electronic health records with a patient’s heartbeat

Hospitals should use two-factor authentication, such as face/voice or palm/iris recognition, which is a great way to make devices more secure without introducing complexity, according to Avetisov. He says that using more than two factors does not enhance security and just makes the process more inconvenient for users.

Enabling the use of a smartphone for identification now makes more sense, he says. “It doesn’t cost more; the devices already have a camera and microphone. But this is a big change. We relied on hand and fingerprint readers, and now your devices are your biosensor.”

That means organizations no longer need to invest in face scanners and tokens, he contends. The average iPhone user accesses fingerprint touch ID 82 times a day. Consequently, chief information officers and chief information security officers increasingly are moving toward using personal devices for authentication, while saving money, Avetisov says.