By Mandy Kühn, journalist in Munich, Germany
With a staff of 3,000, Susquehanna Health, based in Williamsport, Pennsylvania, is the region’s largest employer. There are three hospitals in the network, treating 14,000 inpatients and 500,000 outpatients a year. Especially in times when costs and compliance pressure are increasing the Health complex is always looking for innovations. The introduction of biometric access, for example, allows the health center not only to manage patient data more securely but also to save administrative costs and free up more time for patients.
As elsewhere in the USA, patient and data protection plays a central role at Susquehanna Health. Patient data in the USA has to be handled in accordance with comprehensive statutory compliance regulations. The most important of these is the Health Insurance Portability and Accountability Act (HIPAA), the aim of which is to standardize and simplify electronic data transfer in healthcare and ensure a high level of data security. To ensure data protection and privacy, anyone using medical or patient data is legally required to authenticate themselves. In order to comply with these guidelines with a minimum of effort, Susquehanna Health has been using biometrics since October 2002.
Biometric IT access ensures compliance and convenience
Susquehanna Health IT administrator Tim Schoener associates two things, above all, with this identification technology: “compliance and convenience – making it easy to comply with the rules is what makes biometrics so special.” In an initial test phase, 250 doctors and IT staff used their fingerprints to gain access to the IT system. Just under two years later, the user group was extended to all hospital and administrative staff. The main reason for this step was the implementation of a new release of a medical information system in 2004. The solution chosen in order to coordinate hospital processes across the different hospitals, support the workflow and offer comprehensive access to relevant information was Soarian from Siemens Medical Solutions USA, Inc. According to Schoener, the decision in favor of Siemens owed much to a partnership stretching back many years: “We have been working with Siemens for 35 years, and throughout that time our experiences have been nothing but good. Thanks to this partnership, we were very closely involved in the development of Soarian. That was enormously important to us – after all, getting a technology that will be able to meet our future demands is one of our top priorities.”
Because the new IT system allowed all hospital data to be viewed and edited from any authorized workstation, a reliable and secure means of identifying personnel was absolutely essential. Until that point, most staff had been using a user name and password to access the system in the usual way. But in the hustle and bustle of a working day, medical staff often found the procedure too time-consuming. In addition, the passwords had to be changed every 90 days for security reasons. In order to protect sensitive data adequately while minimizing the efforts required of staff, Siemens added biometric IT access control to the Soarian system.
The hospital benefited from synergies within the Siemens group when Siemens Healthcare brought specialists from Siemens IT Solutions and Services on board to integrate the biometric ID center solution. The IT service provider equipped around 1,200 workstations with ID mice, around 300 mobile tablet PCs with fingerprint sensors and installed a biometric authentication system. This saves the encrypted biometric profiles of the staff in a secure central database and compares them with the fingerprints scanned by the ID mouse. Any changes a user makes in the system can be traced without problems, and it is easy to find out who made them. “This traceability allows us to meet requirements in terms of compliance and data security with ease. Moreover, our staff now take more care to protect their workstations when they leave them for a short time,” says Schoener.
A further benefit, which improves data protection and security enormously, is that it is easy to set up different access levels for financial, administrative and medical staff, for example. Depending on their authorization, users are given access to applications on their desktops. These range from applications for admitting patients to clinical programs, hospital reports, care plans and the distribution of medications.
Expansion of the system to cope with growing demands
Following an implementation period of around two months, biometric recognition for the first 300 members of staff went off smoothly, starting in October 2002. It was therefore planned to extend the solution to all 3,000 members of staff at the end of 2003. At this point, the Siemens experts were confronted with a particular challenge. The original ID Center solution was designed for a maximum of 1,000 users. With three times that number of users, the system's response times for fingerprint recognition became unsatisfactory.
The team from Siemens IT Solutions and Services worked under great pressure for three months to improve the system’s performance. Gerd Hribernig head of the Biometrics Center of Siemens IT Solutions and Services in Graz, recalls: “Instead of using new, more powerful but more expensive servers, we thoroughly revised the search strategies in the algorithms. Very satisfactory results were obtained with this new software. Although this delayed the rollout by around three months, it meant that Siemens had a unique biometric solution on the market with the new feature 'Fast Identify'”. Today, the system provides identification rates in a matter of seconds.
Widespread acceptance thanks to training and security
If you ask IT manager Schoener whether the biometric solution has been well received by hospital staff, he laughs and exclaims simply: “They love it!” But it wasn’t always like that, not for everyone and not right from the start at any rate. When the solution was introduced, some staff were concerned that images of their fingerprints would be stored in databases or that the technical complexity and thus the effort required by the identification process could increase. But the doubts turned out to be unfounded: “After detailed training and instruction about the system, we were quickly able to dispel the concerns of our staff. It soon became clear that the biometric system does not interfere with individuals’ rights and makes things much simpler for people,” says Schoener.
There is also no doubt that introduction of the new system was made easier by the fact that its use was voluntary. Skeptical staff always had the alternative of continuing to log in with their user name and password. It speaks volumes for the biometric solution that after just a few short months over 95 percent of staff were using it to log in: “Practical experience has repeatedly shown that even skeptics switch to biometrics very quickly on grounds of convenience alone,” reports Hribernig.
Nevertheless, the German IT service provider wanted to leave nothing to chance in terms of data protection. The data of all three hospitals is stored on a central database server in the form of biometric templates. These attribute records are encrypted point clouds that allow the differences between fingerprints to be revealed, but not the attributes themselves. This data cannot be used forensically, for example. In addition, the key used to decrypt the data is stored locally with the user and thus cannot be misused by a third party. "Communicating this effectively to customers and their staff is perhaps one of the most important tasks in a project like this," asserts Hribernig. "The success of the project depends on whether or not staff accept it."
The biometric future at Susquehanna Health Center
Still in this year, it is expected that staff at Susquehanna Health will be working with ID Center Version 4.0. The most important innovation will be the extension of fingerprint recognition with palm vein recognition. This new technology scans the vein pattern under the palm, which is unique in each person. A contactless infrared scanner scans the palm of the hand at a distance of a few centimeters in a matter of seconds. The vein pattern scanned is compared with the vein pattern image stored for that person. Since the veins are under the skin, it is particularly difficult to fool the system. Schoener is excited about this new technology: “Fingerprint recognition doesn’t work with staff who have suffered bad injuries to their fingertips, so they still have to use passwords. With the planned vein scanners, they too will soon be able to get the benefits of biometrics.”
The hospitals are also planning to extend the fields of application of biometrics. A new patient building with a physical building admission control system is planned in the next few years. Patients, too, will benefit from the technology in the long term. There are a whole range of possibilities, explains the IT administrator: “If patients could register and identify themselves biometrically, that would bring great benefits in terms of convenience. Registration procedures would be accelerated, while mistaken identity and misuse of insurance cards would be eliminated.” (Photo source - Mandy Kühn)
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment