July/August 2015 Issue
Social Services Software: Biometrics, Data Security,
Not too long ago, palm scanners and iris recognition tools were relegated to the realm of science fiction. Today, these and other biometric devices are routinely being used to support identification and registration processes across multiple sectors. In the health care sector, a growing number of facilities are integrating these tools into their patient management software, leading to significant improvements in patient identification, data security, and patient safety.
Biometric authentication refers to the analysis of unique biological characteristics for the purpose of identification. First, the relevant body part—iris, palm, fingerprint, etc.—is photographed or scanned. The data are then converted into a digital format biometric template that's stored electronically with the rest of the patient record. The actual process depends on the type of biometric application being used. Iris recognition tools use a high-definition digital camera to take a photograph of the iris. Fingerprint scanners read the pattern of ridges and grooves of the skin, while palm vein scanners typically use infrared light to read the pattern of veins beneath the skin. In addition to these tools, retina scanners and facial recognition systems are also widely used.
Reducing Medical Identity Theft
Medical identity theft also presents a unique set of concerns and dangers due to the increased risk of patient misidentification. Patient misidentification occurs when a medical record exists in a patient's name and is believed to contain the patient's medical information, but in reality, it contains information belonging to someone else. In some cases, this arises simply from two patients sharing similar or identical names. However, it often occurs as a result of medical identity theft, when a new medical record is created in the victim's name or an existing record is altered. The result is a medical record that reflects the name, but not the correct health status, of the patient. This can be dangerous in cases where the record fails to identify a serious health issue. In the event of an emergency, reliance on such incomplete and inaccurate medical information could have serious, potentially life-threatening consequences.
Biometric authentication makes it much more difficult for medical identity theft and patient misidentification to occur. In most health care settings, the traditional method of verifying a person's identity is for the person to provide personal information such as name, date of birth, address, etc. Biometric authentication provides a consistently reliable method of identity verification because it relies on unique and unchanging patient characteristics, so that one individual cannot impersonate another or accidentally be mistaken for another.
Emergency Patient Identification
In hospitals, medical centers, and other care settings across the country, biometric tools are quickly becoming part of the registration process for patients. Instead of the service provider manually retrieving the patient's electronic record based on information provided, the record is retrieved automatically based on the patient's palm scan or iris photo. In the many settings where they've been used, these tools have largely been well-received by the public—something that Karen Zgoda, MSW, an instructor with the School of Social Work at Bridgewater State University, doesn't find surprising. "These tools are everywhere now, so they've become normalized," she states, citing the use of fingerprint authentication for smartphones and laptops as a prime example of such normalized use. Zgoda points to the presence of these tools in recreational settings such as amusement parks, and notes that the accepted integration of these tools into such environments reflects the general public's overall comfort level with the use of biometric technology.
More Efficient Workflow Management
Given the benefits of biometric authentication, it's not surprising that biometric tools are being used in a variety of environments including schools, airports, and detention centers. But like all technologies, biometrics cannot guarantee absolute security. Security experts and information technology specialists caution that hackers and cyber-criminals will inevitably be searching for ways to compromise these systems. While the inalterability of biometric data makes them ideal for identification purposes, it's the inalterability of the data that also presents a major challenge if a security breach occurs. For instance, let's say a case of identity theft occurs involving the fraudulent appropriation of someone's unique fingerprint pattern. The individual whose fingerprint has been stolen can no longer rely on that characteristic as a form of identification. Whereas a stolen password can be changed and reset, a fingerprint cannot be changed. The "loss" of that identifier will therefore have long-term consequences, since the individual can no longer rely on that particular form of identification.
While it may not be possible to fully eliminate the risks associated with biometric data collection and authentication, efforts can be made to mitigate those risks. Vulnerability assessments can be performed to identify the points of data collection and storage most likely to be targeted for attacks. As with other forms of technology, standards and best practices will continue to develop over time in an attempt to remain a step ahead of potential threats. Zgoda believes social workers need to have a proper understanding of those risks in order to communicate effectively with clients. "There are always going to be technical vulnerabilities and the risk of hacking," she says. "It takes a sophisticated skill set to appreciate those security concerns, and social workers have a critical role to play in addressing those concerns with clients." Potential risks are quickly put into perspective when weighed against all the practical benefits, but that doesn't negate the need for awareness.
Data Collection Implications
Beyond authentication purposes, biometric devices greatly increase the capacity for real-time health monitoring, data analysis, and intervention strategies via the use of wearable devices that capture and report health data automatically. Zgoda hopes to see more conversations regarding the use of biometrics in this capacity, and believes social workers can offer valuable input on how to use the tools in creative and innovative ways. She emphasizes that social workers are uniquely positioned to contribute to these conversations, particularly in offering guidelines on how to maintain an ethical and client-centered approach: "Social work practice can offer guidance and a framework for how to implement these tools in the best possible way to treat clients."
— Susan A. Knight works with organizations in the social services sector to help them get the most out of their client management software.