Given the rate of advancement in technology, Mayo Clinic Jacksonville could have resolved some of its problems with fingerprint reading by reinvesting in more advanced techniques that were unavailable when it launched the pioneering effort five years ago.
But by the time the project started breaking down, concerns about fingerprint methods in general had the clinic's experts scanning the technological horizon for alternatives that might be superior, says Reginald Smith, vice chairman of Mayo Clinic Jacksonville's department of applied informatics.
The key to biometric security is the uniqueness of whatever is scanned to provide identification, he says, and the 20 to 45 possible points of distinction provided by a fingerprint might not be sufficient to avoid misidentifying someone, Smith says. The bigger the pool of prints on file, the more likely it is for the system to give a "false positive"-identification as someone else in the user database.
Over a five-year period, the fingerprint system cleared a doctor into the clinical system under the identity of someone else on three occasions. "That shook my confidence in it," Smith says.
In the context of hundreds of thousands of computer accesses, that's a rare problem unlikely to compromise a medical information system, says Jim Klein, a healthcare analyst with Gartner, a Stamford, Conn.-based information technology research and advisory firm. "It's not something a perpetrator could rely on," he says.
But other reports of successful hacking drew Smith's attention. Earlier this year, researchers in Japan and Germany published results of efforts to fool fingerprint-based access. Among several variations, all of which were successful, was creating molds of fingers from latent prints retrieved from the surface of sensors.
A more fanciful approach was written into an episode of the TV series "MacGyver," in which the technologically inclined sleuth broke into a vault by cupping his hands over a fingerprint sensor. The action enabled the scanner to detect traces of the previous finger laid on the tray. Smith thought the script might be stretching the odds for dramatic effect-but when he tried the same thing back at Mayo, it worked.
At a conference in London in 1999, Smith learned about a technology for scanning eyes that offered a contact-free method of identification that picked up 10 times the number of minutiae points for each authorized computer-system user-making the chance of false positives mathematically infinitesimal.
A pipe dream at the time-scanners were priced at $10,000 each-the technology quickly plummeted in cost to $3,000 by 2000; scanners cost less than $200 today. Last month Mayo Clinic Jacksonville's informatics department began piloting the use of 20 small cameras alongside computer workstations to scan the 200 to 400 minutiae points of the human iris.
"When you use an iris, it doesn't touch anything," Smith says. "It's 17 inches away from the camera."
Just looking in the direction of the camera triggers a reading, and experience to date demonstrates that repeated attempts are not usually necessary to get it right, Smith reports. In a side-by-side test of iris and fingerprint access on a portable workstation, 73% of clinicians who tried both at the Jacksonville clinic said eye recognition was easier, and 83% preferred it to fingerprint biometrics.
Installing the eye recognition system throughout the clinic would cost about $100,000, including about $59,000 for 300 cameras at $197 each, Smith says. As a serendipitous bonus, the recognition devices double as cameras for videoconferences via computer, and all workstations would be set up for impromptu sessions between any two locations using software that comes standard with Microsoft Windows, he says.
That doesn't mean it's a done deal, though. "I'm not so sold on it," says John Mentel, M.D., chairman of the applied informatics department. Mayo Jacksonville's experience using a paperless system of medical records has shown that inappropriate access in clinical areas might not be a serious enough problem to justify the investment in iris scanning, he says.
The clinic's experts also are weighing alternatives such as "proximity badges" worn by doctors during their work, which trigger an identification code automatically as they get near a workstation. But doctors still have to type in a code, so that begs the question of why it's better than a user name and password system for the extra cost, Mentel says.
A better use of the proximity feature might be to automate what happens when a physician leaves the vicinity of his workstation, he says. Locking the computer after the session is a security compliance issue, requiring doctors to remember to hit a key to hide their access into the clinical system before another clinician can sit down and possibly use the same access. By putting the proximity technology in reverse, physicians would not have to remember that procedure when they get up and leave, Mentel says.
A more fundamental consideration stems from the growing importance of freeing doctors from having to use fixed-site computers, he says. The answer is to carry wireless mobile devices with them, he says, and technology is speeding to that need. Earlier this month a new class of lightweight tablet computers hit the computer market, which could provide much the same performance as desktop computers with a full-size display and the ability to do much more than the current class of handheld devices called personal digital assistants, Klein says.
From a security standpoint, there would be less need for biometrics if doctors carried mobile devices, Smith says. And the technology is there to imbed the identification technology now used in proximity cards, Klein says.
If such a mobile device can become completely personalized for each physician, it can blend into a security structure that combines wired and wireless computers, Klein says. "There's no reason why it can't function as a smart card in proximity to the terminal."