Journal of Medical Systems

, Volume 34, Issue 5, pp 975–983 | Cite as

Biometrics for Electronic Health Records

  • Alejandro Enrique Flores Zuniga
  • Khin Than Win
  • Willy Susilo
Original Paper


Securing electronic health records, in scenarios in which the provision of care services is share among multiple actors, could become a complex and costly activity. Correct identification of patients and physician, protection of privacy and confidentiality, assignment of access permissions for healthcare providers and resolutions of conflicts rise as main points of concern in the development of interconnected health information networks. Biometric technologies have been proposed as a possible technological solution for these issues due to its ability to provide a mechanism for unique verification of an individual identity. This paper presents an analysis of the benefit as well as disadvantages offered by biometric technology. A comparison between this technology and more traditional identification methods is used to determine the key benefits and flaws of the use biometric in health information systems. The comparison as been made considering the viability of the technologies for medical environments, global security needs, the contemplation of a share care environment and the costs involved in the implementation and maintenance of such technologies. This paper also discusses alternative uses for biometrics technologies in health care environments. The outcome of this analysis lays in the fact that even when biometric technologies offer several advantages over traditional method of identification, they are still in the early stages of providing a suitable solution for a health care environment.


Electronic health record system Biometrics security Share care paradigm 



The authors acknowledge the Government of Chile and University of Talca (Chile) for the support of this research.


  1. 1.
    Agrawala, R., and Johnson, C., Securing electronic health records without impeding the flow of information. Int. J. Med. Inform. 76:471–479, 2007. doi: 10.1016/j.ijmedinf.2006.09.015.CrossRefGoogle Scholar
  2. 2.
    Anderson, J. G., Social, ethical and legal barriers to E-health. Int. J. Med. Inform. 76:480–483, 2007. doi: 10.1016/j.ijmedinf.2006.09.016.CrossRefGoogle Scholar
  3. 3.
    Atkins, W., A bill of health for biometrics. Biometric Technol. Today. 8 (9)8–11, 2000. doi: 10.1016/S0969-4765(00)09010-X.CrossRefGoogle Scholar
  4. 4.
    Au, M., Huang, Q., Liu, J., Susilo, W., Wong, D., and Yang, G., Traceable and retrievable identity-based encryption. Applied Cryptography and Network Security, 2008, pp. 94–110.Google Scholar
  5. 5.
    Bakker, A., Access to EHR and access control at a moment in the past: a discussion of the need and an exploration of the consequences. Int. J. Med. Inform. 73:267–270, 2004. doi: 10.1016/j.ijmedinf.2003.11.008.CrossRefGoogle Scholar
  6. 6.
    Blobel, B., Application of the component paradigm for analysis and design of advanced health system architectures. Int. J. Med. Inform. 60 (3)281–301, 2000. doi: 10.1016/S1386-5056(00)00104-0.CrossRefGoogle Scholar
  7. 7.
    Blobel, B., Authorisation and access control for electronic health record systems. Int. J. Med. Inform. 73 (3)251–257, 2004. doi: 10.1016/j.ijmedinf.2003.11.018.CrossRefGoogle Scholar
  8. 8.
    Blobel, B., Comparing approaches for advanced e-health security infrastructures. Int. J. Med. Inform. 76 (5–6)442–448, 2007. doi: 10.1016/j.ijmedinf.2006.09.012.Google Scholar
  9. 9.
    Blobel, B., Nordberg, R., Davis, J. M., and Pharow, P., Modelling privilege management and access control. Int. J. Med. Inform. 75 (8)597–623, 2006. doi: 10.1016/j.ijmedinf.2005.08.010.CrossRefGoogle Scholar
  10. 10.
    Blobel, B., and Roger-France, F., A systematic approach for analysis and design of secure health information systems. Int. J. Med. Inform. 62 (1)51–78, 2001. doi: 10.1016/S1386-5056(01)00147-2.CrossRefGoogle Scholar
  11. 11.
    CEN-ENV. Health informatics—Security for healthcare communication—Part 1: Concepts and terminology. Published Standard CEN ENV 13608-1:2000: European Committee for Standardization; 2000.Google Scholar
  12. 12.
    CEN-ENV. Health informatics—Security for healthcare communication—Part 2: Secure data objects. Published Standard CEN ENV 13608-2:2000: European Committee for Standardization; 2000.Google Scholar
  13. 13.
    CEN-ENV. Health informatics—Security for healthcare communication—Part 3: Secure data channels. Published Standard CEN ENV 13608-3:2000: European Committee for Standardization; 2000.Google Scholar
  14. 14.
    Chen, Y.-C., Chen, L.-K., Tsai, M.-D., Chiu, H.-C., Chiu, J.-S., and Chong, C.-F., Fingerprint verification on medical image reporting system. Comput. Methods Programs Biomed. 89 (3)282–288, 2008. doi: 10.1016/j.cmpb.2007.11.007.CrossRefGoogle Scholar
  15. 15.
    Choe, J., and Yoo, S. K., Web-based secure access from multiple patient repositories. Int. J. Med. Inform. 77 (4)242–248, 2008. doi: 10.1016/j.ijmedinf.2007.06.001.CrossRefGoogle Scholar
  16. 16.
    Choi, Y. B., Capitan, K. E., Krause, J. S., and Streeper, M. M., Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules. J. Med. Syst. 30 (1)57–64, 2006. doi: 10.1007/s10916-006-7405-0.CrossRefGoogle Scholar
  17. 17.
    Conrick, M., and Newell, C., Issues of ethics and law. In: Conrick, M. (Ed.), Health informatics: transforming healthcare with technologyThomson Social Science Press, Melbourne, 2006.Google Scholar
  18. 18.
    Delac, K., and Grgic, M., A survey of biometric recognition methods. 46th International SymPoSium Electronic in Marine. ELMAR 2004, Zadar, 2004.Google Scholar
  19. 19.
    Garson, K., and Adams, C., Security and privacy system architecture for an e-hospital environment. Proceedings of the 7th Symposium on Identity and Trust on the Internet. ACM, Gaithersburg, Maryland, 2008.Google Scholar
  20. 20.
    Gates, M. A., Biometrics—passing on using passwords. Radiol. Today. 8 (17)28–31, 2007.Google Scholar
  21. 21.
    Grain, H., Consumer issues in Informatics. In: Conrick, M. (Ed.), Health informatics: transforming healthcare with technologyThomson Social Science Press, Melbourne, 2006.Google Scholar
  22. 22.
    Gritzalis, D., and Lambrinoudakis, C., A security architecture for interconnecting health information systems. Int. J. Med. Inform. 73 (3)305–309, 2004. doi: 10.1016/j.ijmedinf.2003.12.011.CrossRefGoogle Scholar
  23. 23.
    Heckle, R. R., and Lutters, W. G., Privacy implications for single sign-on authentication in a hospital environment. Proceedings of the 3rd Symposium on Usable Privacy and Security. ACM, Pittsburgh, Pennsylvania, 2007.Google Scholar
  24. 24.
    Hoque, S., Fairhurst, M. C., Deravi, F., and Howells, W. G. J., On the feasibility of generating biometric encryption keys. IEEE Electron. Lett. 41 (6)309–311, 2005. doi: 10.1049/el:20057524.CrossRefGoogle Scholar
  25. 25.
    IBG, Biometric Basics: What are the Benefits of Biometric Technology? In International Biometric Group Reports and Research International Biometric Group <>. Accessed, 2008
  26. 26.
    Liu, S.-L., Guo, B.-A., and Zhang, Q.-A., An identity-based encryption scheme with compact ciphertexts. J. Shanghai Jiaotong Univ. Sci. 14 (1)86–89, 2009. doi: 10.1007/s12204-009-0086-3.CrossRefMathSciNetGoogle Scholar
  27. 27.
    Lusignan, S. D., Chan, T., Theadom, A., and Dhoul, N., The roles of policy and professionalism in the protection of processed clinical data: a literature review. Int. J. Med. Inform. 76:261–268, 2007. doi: 10.1016/j.ijmedinf.2005.11.003.CrossRefGoogle Scholar
  28. 28.
    Marohn, D., Biometrics in healthcare. Biometric Technol. Today. 14 (9)9–11, 2006. doi: 10.1016/S0969-4765(06)70592-6.CrossRefGoogle Scholar
  29. 29.
    Ohno-Machadoa, L., Silveira, P. S. P., and Vinterbo, S., Protecting patient privacy by quantifiable control of disclosures in disseminated databases. Int. J. Med. Inform. 73 (7–8)599–606, 2004. doi: 10.1016/j.ijmedinf.2004.05.002.CrossRefGoogle Scholar
  30. 30.
    Pierce, F. S., Biometric identification. Health Manag. Technol. 24 (5)38, 2003.Google Scholar
  31. 31.
    Pons, A. P., and Polak, P., Understanding user perspectives on biometric technology. Commun. ACM. 51 (9)115–118, 2008. doi: 10.1145/1378727.1389971.CrossRefGoogle Scholar
  32. 32.
    Rash, M. C., Privacy concerns hinder electronic medical records. The Business Journal of the Greater Triad Area 2005 April 4.Google Scholar
  33. 33.
    Reynolds, P., The keys to identity: as healthcare organizations strive for greater security, some are using a very personal approach in the form of biometrics.(Security/Authentication) (Cover Story). Health Manag. Technol. 25(12):12(14), 2004.Google Scholar
  34. 34.
    Safran, C., Bloomrosen, M., Hammond, W. E., Labkoff, S., Markel-Fox, S., Tang, P. C., and Detmer, D. E., Toward a national framework for the secondary use of health data: an American medical informatics association white paper. J. Am. Med. Inform. Assoc. 14 (1)1–9, 2007. doi: 10.1197/jamia.M2273.CrossRefGoogle Scholar
  35. 35.
    Sahai, A., and Waters, B., Fuzzy identity-based encryption. Advances in Cryptolog EUROCRYPT 2005, 2005, pp. 457–473.Google Scholar
  36. 36.
    Schneier, B., Security engineering: a guide to building dependable distributed systems. Wiley, New York, 2001.Google Scholar
  37. 37.
    Shamir, A., Identity-based cryptosystems and signature schemes. Advances in Cryptology, 1985, pp. 47–53.Google Scholar
  38. 38.
    Shin, Y. N., Lee, Y. J., Shin, W., and Choi, J., 110 P.s.-. and 10.1109/WAINA.2008.289 D.O.I. Designing Fingerprint-Recognition-Based Access Control for Electronic Medical Records Systems. INAW 2008—2nd International Conference on Advanced Information Networking and Applications—Workshops, Okinawa, Japan, 2008.Google Scholar
  39. 39.
    Stamp, M., Information security: principles and practice. Wiley, Hoboken, 2006.Google Scholar
  40. 40.
    van der Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organizational future proof EHR systems: a review of the security and privacy related issues. Int. J. Med. Inform. 78 (3)141–160, 2009. doi: 10.1016/j.ijmedinf.2008.06.013.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • Alejandro Enrique Flores Zuniga
    • 1
  • Khin Than Win
    • 1
  • Willy Susilo
    • 1
  1. 1.Faculty of InformaticsUniversity of WollongongWollongongAustralia

Personalised recommendations