Radiologists are the undisputed leaders in adopting electronic record keeping. But the profession is behind the curve with biometric identification, a technology that's generating a sea change in security IT and making impressive gains in hospital utilization.
Biometric identification eliminates password abuse, removes the need to remember multiple passwords, makes 90-day password changes transparent, and maintains security standards in a virtual desktop healthcare IT environment. When applied to patients, it can dramatically reduce data-entry errors and streamline patient workflow.
Like speech recognition dictation systems, the technology for biometric identification has been commercialized for years. Its primary markets have been law enforcement, the military and defense industries, and corporations with stringent security requirements.
However, this is changing. Healthcare IT represents a large, lucrative, and unsaturated market. Greater adoption of electronic health records (EHRs), which can consist of multiple information systems with unique passwords, combined with more internal security breaches at healthcare facilities, concern about patient identity theft, and increasingly stringent federal regulations regarding patient privacy, have brought biometric identification to the attention of hospital administrators.
Some of the main biometric identification technologies and how they're being used in clinical practice are described in the following sections.
Palm vein scanning
The palm vein scanning process uses near-infrared light to illuminate the hand's vein patterns and blood flow, which are unique to each individual. The process is fast and identification is accurate. The scanner is easily sanitized with antibacterial wipes.
Data from the scan are encrypted and stored in a database. The database interfaces as an overlay with other healthcare information systems, such as an electronic medical record or RIS.
The first palm vein scanning system (PalmSecure, Fujitsu Computer Products of America) made its debut at the 2006 Healthcare Information and Management Systems Society (HIMSS) annual meeting in San Diego. The year before, the technology had begun to be adopted in Japan for ATM machines and for other financial transactions by Japan's banking industry.
NYU Langone Medical Center
On June 5, NYU Langone Medical Center launched its patient palm vein scanning system (PatientSecure, HT Systems) as part of a massive update of the hospital integrated delivery network's healthcare IT systems.
The center in Manhattan consists of the flagship 705-bed Tisch Hospital, the 174-bed Rusk Institute of Rehabilitation Medicine, and the 190-bed Hospital for Joint Diseases. The NYU enterprise also includes outpatient clinics in Brooklyn and Queens. Its radiology department provides imaging services to all of these facilities, as well as to recently acquired imaging centers in Great Neck and Port Washington.
Dr. Edmond Knopp, associate professor of radiology and the informatics champion for the radiology department, spoke with AuntMinnie.com about the impact the new technology has already had.
"Historically, when a patient came to one of our radiology departments for an examination, let's say an MRI of the knee, the patient would be given all sorts of paper documents to verify," he said. "Now, when that patient arrives at registration, he or she places their palm over the scanner. Verification occurs in seconds, and the patient's entire record is displayed."
The radiology department was part of the hospital-wide launch, and NYU's patient registration protocol requires that patients provide two forms of identification, including a photo ID. A digital photo is taken in addition to scanning the patient's palm.
Knopp believes that the technology will be particularly advantageous to facilitate unscheduled walk-in patients who need routine x-ray exams. He also pointed out that if patients enrolled in the system arrive unconscious or otherwise unable to identify themselves, the system could identify them immediately.
The hassle of identifying a patient with an identical name to another patient, which occurs among some 125,000 individuals at NYU, is also eliminated. There is no longer the issue of trying to determine which of two patient records of "Mary Jones," both with the same birth date, is the one associated with the patient having an exam.
University of Wisconsin
The University of Wisconsin Hospital and Clinics in Madison introduced palm vein scanning in October 2010. Within two weeks of implementation, it had enrolled more than 11,300 of the more than 2 million patients annually who receive treatment.
The hospital invested approximately $70,000 for a 200-scanner system, according to Mike Sauk, chief information officer. Eliminating duplicate patient names and improving patient safety were two of the primary reasons for adopting the technology.
Enrollment in the university's SAFE (Secure, Accurate, Fast, Efficient) system is not mandatory for patients, but it is encouraged. Children can be enrolled when they reach 5 years of age. The palms of these pediatric patients will be scanned annually through age 15 to accommodate their growth.
Fingerprint identification systems
Fingerprint identification is the most common type of biometric identification in hospitals and other healthcare facilities. These systems may be used exclusively by medical staff, for patient identification, or for both.
User-authentication vendor Imprivata has seen its market for secure single sign-on and other digital identification systems gravitate toward the healthcare industry over the past few years, with healthcare customers representing 80% of the company's sales. Imprivata sells its systems throughout the world and has an installed base of more than 800 hospitals, according to David Ting, the company's chief technology officer.
Ting told AuntMinnie.com that the mobility of physicians and clinical support staff, along with the need to memorize multiple passwords that have to be changed every 90 days, have been catalysts for integrating fingerprint identification systems with healthcare IT systems.
Having a biometrically validated single sign-on maintains HIPAA security requirements, reduces physician frustration, and -- most importantly -- saves time.
The company references a 400-hospital survey that it commissioned to analyze the effects of single sign-on functionality. Conducted by the Ponemon Institute, the survey revealed that clinicians, on average, had to memorize between five and six unique passwords, and they spent between eight and 15 minutes per day logging into healthcare IT systems. Over the course of a year, this equated to 103 to 203 hours of unproductive time, Ting said.
"A fingerprint identification system incorporates something you know, something you have, and something that is unique to you and cannot be replicated," Ting said. "It can be used at a workstation, with a mobile tablet, or in a virtual desktop environment."
Fingerprint ID for Arizona radiologists
Radiology Ltd. in Tucson implemented Imprivata's OneSign authentication management system as a way to automate the launching of programs that radiologists use.
"The system has greatly reduced the problems associated with launching multiple customized programs, as well as remembering passwords," explained Ron Cornett, imaging informatics administrator. This large radiology practice operates nine imaging centers, in addition to providing radiology services at two hospitals.
Approximately 50 radiologists are enrolled in the system, which does not include technologists. The system enables the IT department to track users in a shared desktop environment, lock the workstation, and smoothly transition between users, Cornett said. The fingerprint identification system is also integrated with the hospitals' RIS and PACS.
"The Imprivata product uses a screen scrape-type technology and provides a graphical user interface that lets you train the software to recognize the login screens, fill them in, and manage them," he said. "Once a login has been learned, it can be deployed to policies, users, and groups."
Fingerprint ID for radiologic technologists
An effort to add radiologic technologists (RTs) to the fingerprint identification system failed at Radiology Ltd. The technologists shared workstations, and logging on and off proved to be impractical.
Washington Radiology Associates (WRA), however, uses the fingerprint identification system (DigitalPersona Pro, Digital Persona) it deployed in December 2010 exclusively for RT use. With seven imaging centers in the District of Columbia, Maryland, and Virginia performing more than 30,000 exams each month for residents of the greater metropolitan DC area, maintaining workflow efficiency was a high priority.
"In 2009, we were evaluating new RIS products," Michael Nguyen, information technology manager, told AuntMinnie.com. "We discovered that most of the RIS vendors required multiple logins within their application for user logging and tracking purposes. We needed to develop a quick and easy way for our end users to log in without the hassle of retyping their user names and passwords multiple times."
"Most of our technologists share existing workstations, so we needed a solution that would assist them in the discrete but repetitive login and logout requirements within the application," he said. "The solution also needed to work with our existing infrastructure and had to be secure to meet HIPAA compliance."
The IT team selected a keyboard with a built-in reader to save on desktop space. Each technologist goes through a one-time fingerprint enrollment process. Fingerprint identification systems store more than one fingerprint, in case another has to be used for "backup" if a finger has been cut and bandaged.
Like Radiology Ltd., after testing the biometric keyboard and software in a lab environment to verify that it would work as promised, WRA IT staff rolled out the system on a site-by-site basis. Both Cornett and Nguyen said that new users can be enrolled and existing users edited remotely via third-party secure desktop software. With both practices, installation was relatively easy, with few issues to resolve.
"The biometric solution has saved time for our technologists," Nguyen said. "It has eliminated the multiple logins required by our RIS for starting and ending patient exams. It has also eliminated password entry user error that we commonly saw. The technologists have adapted well and truly appreciate the convenience of this system."
Interestingly, radiologists do not use the fingerprint identification system. It was determined early on that with a single sign-on system already in place, it would not benefit the radiologists' daily clinical routine.
Proximity authentication
Proxense markets its ProxAccess proximity authentication and biometrics system for use by physicians, clinical staff, and administrative staff. Users wear an ID badge that activates and deactivates a workstation at a specified distance of 1 to 20 ft using radiofrequency technology. The ID badge can also include an embedded fingerprint that must match one on a fingerprint scanner for an added layer of security.
Robert Pruter, vice president of sales and marketing, told AuntMinnie.com that in the first year of marketing the company's products specifically to the healthcare industry, the company has seen a surge of interest correlating with the Obama administration's EHR adoption mandate. This has begun to include inquiries from radiology practices: One of Proxense's recent customers is a large radiology practice operating multiple imaging centers on Long Island, NY.
Will biometric identification be the next big trend in imaging informatics? If radiologists follow in the footsteps of hospitals, it may well be.
