Issues In The Implementation Of Biometrics

Published Date: 02 Nov 2017

Biometric is based on physiological and behavioural characteristics of a person, is being increasingly adopted by the organisations as person identification applications. But, as biometrics permeates our society, this recognition technology faces new challenges. The design and suitability of biometric technology for person identification depends on the application requirements. Nowadays a reliable personal recognition system is very essential for many business processes. This report presents the process and procedure of implementing biometrics technology in Apollo Hospital. It has also discussed about the security risk and cost consideration related to biometric technique and its barriers.

INTRODUCTION:

Emerging technology plays an important role in healthcare department. Digital innovations are not just technologies that shrink the human burden but it also has great impact on the future of company. The implementation of biometric technology in "Apollo Hospital" is a solution to combat fraud and identity theft and increase security while using EMR system. Biometrics refers to a particular class of unique identification technologies which provide a mechanism to verify individual identity.

As many of hospitals are changing from paper-based system to electronic medical record system in order to enter patient’s health record. Physicians are more concern about the unauthorised access of patient’s data because it exchange across the network. Biometrics is the unique solution which prevents not only the duplicate medical records, medical identity theft but also save billions of dollars a year by significantly reducing the costs to the health care provider to correct and reduce errors (Trader 2012). This report presents an overview of biometrics process, procedure, security risk and cost consideration while implementation.

PROCESS AND PROCEDURAL CONSIDERATION:

As per Zuniga (Zuniga et al., 2010) Implementation of biometric authentication technology provides remote access to medical records of patients with the help of biometric feature such as authentication. However, there are some technical and usability issues to be considered when implementing this solution. The accuracy of the biometric technology depends on the ability of the system to get a good initial picture of the biometric element as well as the ability of matching individual with their original models. The false acceptance rate (FAR) and false rejection rate (FRR) may be affected by factors such as incorrect placement of the biometric feature, dirt, humidity and changes in the biometric feature. Enrol ability of user is also the other issue that may affect the accuracy of the corresponding system such as damage or inexistence of the biometric feature generated by injuries. All health departments requires an easy to use and user friendly technology for secure access to electronic medical records

In general, several issues rise from the usability perspective that could affect the accuracy of the technology and that needs to be considered to reduce the rates for false acceptance and false rejection.

Rhodes (Rhodes 2003) explains that biometric identification systems are basically pattern recognition systems. It uses procedures such as cameras and scanning devices to capture images, recordings, or size of an individual characteristics and computer hardware and software to retrieve, encode, store, and compare these features. Biometric is computerized method so decisions are generally generated very fast. Although biometric technologies determine different characteristics such as fingertips, hand geometric, iris or facial in many different ways but all biometric systems involve similar processes that can be divided into two distinct stages: enrolment and verification or identification.

POTENTIAL SECURITY RISK:

The security insured by biometric technology can itself be compromised. Jain (Jain et al. 2008) found that Biometric systems are vulnerable to multiple potential security threats intended to the integrity of the verification procedure. Where biometric system enhances Apollo Hospital acceptance of work and increase security along with that it is also vulnerable to various types of threats: (See figure-1 in appendix)

Circumvention: Hacker’s may get access to the system protected by biometrics and examine sensitive data such as medical records of patients who are registered their data in EMRs. In this way, hacker can break the privacy of patients and also change the sensitive data.

Denial of service attack: In DOS attack the hackers try to prevent system from functioning normally and deny the unauthorised access. An attacker may crush the system resources from where authorised person obtaining the service will be refused. This can damage the infrastructure such as damage to fingerprint sensor. To prevent this attack hospital will be able to interrupt or block the attack messages. Install antivirus software to detect zombie. (Whitman & Mattord 2012)

Spoofing Attack: In this hacker can make the data look like it has come from a trusted system but originally it is from hacker site to take advantage of data. In hospital, attacker can replaced samples of feature vectors generated from biometric by the set of fake features. (Jain et al. 2008)

MITIGATE SEURITY RISK:

To prevent medical records of patients and other important data from hacker’s hospital must use data encryption and watermarking techniques.

Data Encryption: In biometric system information related to feature of person such as fingerprint, iris, face and hand geometry can be encrypt and stored in smart card. That means the encrypted data must be decrypted before produced the similar outcome with the biometric data obtained online. As a result, the encrypted templates are secured since they cannot be exploited or modified without decrypting them with the correct key, which must be kept secret. (Faundez-Zanuy 2004)

Watermarking Technique: Another security technique is watermarking. It included a time in the biometric data like to setup an expire-date. Therefore, if the data is interrupted by a hacker, it will be useless for the future. Usually this watermark cannot be removed or replaced without making the data worthless. (Faundez-Zanuy 2004)

COST CONSIDERATION:

A publication of General Accounting Office (2002) reveals that the cost of implementation of a biometric system is manly estimated from initial and recurring cost elements. The initial component consists of network infrastructure, software and hardware components such as sensor, processor, card readers, data software modules and purchasing and installing the LAN to connect biometric system. There are many components that make up the recurring cost in the usage of biometric system. These include installation of the system, training requirements, network infrastructure maintenance, port of entry operating personnel it includes staff who would be trained and troubleshoot problems arising from biometric data and very prominently user acceptance. In this way, ultimately the return on investment or the cost-benefit analysis is critical for making a case for biometric systems in most applications. (See figure-2 in appendix)

For example according to Rosenzweig (Rosenzweig et al., 2004) in the hospital, usually fingerprint biometrics is used. Fingerprint readers for physical access control cost assuming approximately $1,000 to $3,000. There is also additional software licensing expenses of assuming about $7 per user. Smaller fingerprint scanners also have maintenance costs of 18 to 20 percent of their purchase price.

The biometric system must be highly interoperable to authenticate individuals who use sensors from different vendors and different hardware/software platforms. These significantly reduce the need for additional software development and bring all the associated advantages.

ISSUES IN THE IMPLEMENTATION OF BIOMETRICS:

According to Gine (Gine 2010) despite the success of biometric technology, there are still few issues associated with the adoption of biometric technology in Apollo Hospital:

User Acceptance: The biggest issue is user acceptance. If in hospital physicians and patients does not like that system no matter how efficient the system is implemented. Fingerprinting is one of the first methods that come to mind when talking about using biometrics for security. But a lot of people are not comfortable with the idea of specialized fingerprint reading pads. 

Identification Problem: Another issue is identification sometimes human characteristics such as finger can be cut or burn and system can unrecognise finger print. In addition, aged people may have poor fingerprints, or the operation of fingerprint readers may be compromised due to arthritis.

Negative Attitude towards providing biometrics: People may be reluctant to place their fingers on the scanners due to health problems. More importantly, there is common opinion that taking fingerprinting is linked to the illegal justice procedure.

Biometric technology is not reliable: Although the biometric technology secures the system from identity theft, fraud and money-laundering effort. But in case with any other technology, it can be hacked, infiltrated, or runs the risk of having data fall into the wrong hands. For example, it is quite possible that workers on the ID database will be corrupted, threatened or blackmailed.

CONCLUSION:

In conclusion, the biometric technology offers wide range of the security and benefits to social concerns relating to personal privacy. It is widely expected that sensing, storage, and computational capabilities of biometric systems will continue to improve. While this will significantly improve the throughput and usability, but there are still fundamental issues related to biometrics. The security level of a system depends on the requirements of an application and the cost-benefit analysis. Proper design and implementation of the biometric system can indeed increase the overall security. Like other technologies, biometric methods also have their advantages and disadvantages and the choice typically depends on the application. However, several technical and usability issues have to be considered to select a suitable solution for a health care environment.