01 Feb Can Biometrics Increase Safety in the NHS?
Within the NHS, security is always a primary concern for patients, staff and data. Todays NHS must contend with an ever-increasing and ageing population whilst also being drained of future funding. The NHS deals with over 1 million patients every 36 hours across the UK, with an increase in hospital admissions of 28% against a decade earlier (according to the NHS Confederation report, November 2016).
With increased admissions come fairly serious downfalls:
- According to NHSBSA statistics, in 2015 there were nearly 70,000 assaults on staff
- A 2009 study (National Patient Safety Agency) found that the number of NHS patients given the wrong medicine doubled against 2005
- Healthcare records becoming digitized could be potentially hacked or corrupted
- As the NHS grows, so do vulnerabilities
The key issue surrounding the above statements is security and accountability. Whether that’s through physical access, record keeping or monitoring the workforce. It is worth noting that although facing some worrying figures, in comparison to healthcare systems often other countries (Australia, Canada, France, Netherlands, New Zealand, Sweden, Switzerland and the USA) the NHS was found to be most impressive overall by the Commonwealth Fund in 2014. It was also rated as the best system in terms of efficiency and effective care.
The healthcare sector actively invests in security infrastructure in either continuous renovations of older sites or new buildings as well. The NHS is prioritising both physical safety and information security as key areas to consistently improve on. This plays an important role in the NHS’s commitment to digitize all patient health records as by doing so, the NHS will have to face the possibility of data corruption or theft. An example of this is the significant investment Yeovil District Hospital NHS Foundation Trust has made to protect patient information; over £54,000 has been invested in mobile device management technology since 2013 in order to prevent the theft of sensitive patient data.
With an increase in concern over safety procedures across the industry, healthcare professionals are called upon to use ID cards and pin entry systems for both physical access and access to patient’s data. However, ID and swipe cards are by nature, inherently flawed; cards can easily be lost, stolen or shared – causing potentially serious security breaches, whilst also demanding reoccurring costs for replacement. Many argue that the answer to these issues is found in biometric security systems.
Biometric technology has been implemented in the healthcare industry for many years now, with the United States being the first prominent marketplace to introduce the technology to everyday work practices. So what are biometrics? Biometrics are the measurable factors related to human characteristics. Using unique physiological reference points to identify an individual such as fingerprints, DNA or the iris. The identifiable characteristic data is mostly associated with security because biometric traits provide a higher, more secure level of authentication, where special characteristics are unique to the individual. Fingerprints were one of the earliest forms of biometric data and continue to be one of the most commonly used forms of biometric identification. Biometrics in the Healthcare industry are primarily used to govern access to private, or restricted areas, and to help provide controllable access to high-value resources such as medicines, equipment or research areas.
In America, 2014 and 2015, the healthcare sector suffered the highest number of data hackings compared to any other sector. According to the Identity Theft Resource Centre, it accounted for 43% of all breaches. In order to counteract data breaches, many large American healthcare providers have utilised biometric security systems that use patients or a medical professional’s fingerprint, iris or face in order to gain access to a patient’s medical health records.
When using biometrics there are certain processes that need to take place, firstly enrolment. When an individual enrols onto a biometric system, in this example a fingerprint recognition system, a reader will be used to acquire an image of the fingerprint. From this image, unique reference points known as minutiae will be measured and recorded to create a map or wireframe of the data points. This map is then converted into binary code, which is in turn encrypted and transferred to the system for storage as a template of the person enrolling. Once enrolled, when an individual tries to use the biometric system, the readers will scan their finger and cross-reference it against all sorted templates, once a match is found positive identification can be made if not, a negative result will be made indicating that a match could not be found.
The use of biometrics can severely lower the possibility of a patients details being stolen by reducing the reliance on secondary credentials that can be easily stolen or shared, such as passwords or ID cards. The use of biometric log in’s for nurses, doctors and other healthcare staff has also proven to increase efficiency and alleviate the time spent for IT personal recovering forgotten passwords and log in details. Simply scanning a finger is arguably quicker than typing out lengthy passwords but also safer. Fingerprints are all unique to the individual, biometric fingerprint readers can connect with access control systems allow certain restrictions to be placed on individuals within the workplace.
The Information Governance Toolkit is a Department of Health (DH) system that was commissioned to draw together the legal rules and regulations set out by the DH, which assesses healthcare organisations against how they handle their information and keep it protected from unauthorised access. Part of the assessment is in relation to an organisation’s compliance with the IS027001 regulation. IS027001 is an internal information security standard which has quickly become an industry information security benchmark. An integral part of the accreditation (Section A.11) deals with access control, in particular, access management, user registration and password management. Biometric systems provide a solution as individual characteristics, such as the iris, face or a fingerprint are unique to each individual and can’t be duplicated easily or shared in the same manner as a key card or pin code. The implementation of the latest biometric recognition systems can allow organisations to secure areas throughout facilities and monitor visitor movements, which is vital for health and safety and fire call protocols.
Many companies use biometric access controls to restrict area access and also utilise their ability to link to timekeeping systems for the payroll department and HR. This isn’t just in healthcare but across nearly all industries. A recent example of biometric access control being used to increase efficiencies and save costs is Middlesbrough Football Club. Having previously used a magnetic stripe card system, which was simply not fit for purpose, they realised that they needed a more robust and reliable system, access control suppliers Progeny Access Control recommended the state of the art fingerprint readers from ievo Ltd. Middlesbrough Riverside saw a 300% increase in time saved by HR managers having to process staff attendance and hours for payroll details. The main advantage was, of course, the improved site safety that they could guarantee to all the visiting fans. When it comes to installing a physical access system within the NHS, a potential worry may be the time allocated to registering all fingerprints off all the staff on site – Middlesbrough Riverside found it actually took less than 48 hours to register all employees.
Forward-thinking NHS trusts across the UK are utilising biometric data in order for medical staff to gain access to medicine and medical equipment. Certain rooms or areas in which equipment is stored can be locked using a lock and key or a card but both of these can be stolen, and not always indicate who accessed the area and at what time. The use of biometrics means that authentication can’t be stolen, lost or forgotten, especially at a crucial time when medicine may be needed – scanning a finger is quicker than finding the right key for the lock. Although once inside the area, biometric access doesn’t necessarily identify what item or medicine is picked up, it can identify who collected it, which leads to an increase in accountability within the NHS workforce.
Not only are biometrics being used to identify hospital workers, but also to identify patients and visitors. This approach comes with some large benefits. In a healthcare blog titled ‘The Future of You by KQED Science, it was noted that hospitals are looking to find easier ways to identify patients. As surnames change and residences move, it can prove hard to keep track of patients and also could lead to duplicated health records. This isn’t severe but can prove time-consuming and costly for healthcare organisations. Linking patient’s fingerprints to health records and personal data can prevent duplicated or mismatched files, avoiding confusion and potentially dangerous situations (e.g. wrong medication allocated).
The increase in hospitals worldwide using biometrics to identify patients signifies a growing trend across healthcare, this is due to increased data security and efficiencies in gaining access to data for authorised medical staff. By enrolling patients onto a biometric access system, it limits access to certain areas of the hospital, which in turn keeps healthcare staff more secure by minimising unknown individuals accessing areas they shouldn’t be. As mentioned previously, the number of assaults on NHS staff was 70,000 cases in 2015. Healthcare organisations can also enrol hospital visitors in order to limit access to certain wards. A busy A&E ward in a city centre hospital on a Friday night will receive numerous visitors in many forms – by limiting their access to certain wards, the safety of both staff and patients is increased.
As biometrics are becoming more commonplace in the healthcare sector on the whole and especially within the NHS, it is likely that hospitals will utilise multiple identifiers for both staff and patients. The use of swipe cards for access control is certainly going to diminish over time but across all industries, it appears that they biometric controls are often being used on top of cards, to increase safety measures further. Darrell Shawl’s 2013 ‘Biometrics – Implementing into the Healthcare Industry’ thesis identifies further recommendations as to the use of biometrics in the NHS that haven’t already been discussed in this article such as the implementation of mobile biometric patient identification points throughout a hospital to confirm that a patient has made it to various touch points such as pre-op or theatre in order to fully track a patient’s progress efficiently. The thesis also suggests that as a patient’s health records become digitised, the use of biometrics alongside traditional logins, smart cards and badges increases data protection, as a two-factor authentication process is much harder to crack. The financial industry is already implementing biometric technology to control access to billions of pounds worth of funds and data as well as physical access. As the NHS faces further challenges in 2017 and beyond, many of the key issues listed at the start of the article can be tackled thanks to the use of biometric technology.
About the author: Shaun Oakes is the Managing Director at ievo Ltd, a North East based manufacturer of biometric fingerprint readers. Shaun started the company in early 2009, having previously worked within the sector at Director level, with the aim to deliver biometric products for real-world deployment.
After a year in development, the first reader created, the ievo ultimate, became the industry leader. ievo cater for the vast majority of industries, including but not limited to; education, construction, industrial units/factories, leisure and healthcare facilities.
For further information on using biometric technology within your organisation, contact ievo Ltd on 0191 296 3623 or visit www.ievoreader.com
NOTES TO EDITORS:
ievo Ltd is a leading designer and manufacturer of world-class biometric recognition systems based in the North East of the UK. Offering full integration options, ievo Ltd provides a safe, secure and reliable biometric solution for the access control market.