Solution Provider Prescribes Biometrics

"Passwords, I knew right off the bat, wouldn't work, so we starting looking at biometrics," Sims said.

NFMC, a Tallahassee-based nonprofit that provides medical and dental services to 17,000 patients at several clinics in rural North Florida, turned to Orlando, Fla.-based integrator Biometrics Direct for an iris-scanning solution.

So far, about 35 NFMC employees who access patient records on the network now log on via the iris-scanning solution that Biometrics Direct implemented. Plans now call for rolling out the solution to roughly 100 workstations over the next six to eight months.

The biometrics solution, which includes a proximity sensor that automatically logs off users when they step away from a PC, ensures that NFMC meets HIPAA requirements for keeping electronic patient records secure and private by allowing only authorized users access to patient data, Sims said.

The solution puts an end to password sharing, which had happened in some clinics, Sims said. For example, a front-desk clerk would share her password with an employee on the cleaning crew who wanted to play computer games or do online research.

"They weren't doing anything malicious, but they were accessing computers without permission. There was a risk that information could be shared that was confidential," Sims said.

In looking for a stronger form of authentication, NFMC initially tested a smart card but saw that there could potentially be a problem of users forgetting their cards, Sims said. Then it tested a fingerprint scanner, but some female employees had trouble getting access with it. Sims believes the problem stemmed from the women's hand cream, which built up on the scanner.

He looked into biometric solutions that didn't require physical contact. A facial scanner was too costly, so he decided to go with the iris scanner, Sims said. "Everywhere I've got it so far, it's working out great," he said.

The solution provided by Biometrics Direct combines the iris scanner,a Panasonic Authenticam, which uses Private ID iris-recognition technology from Iridian Technologies,with Saflink SAFsolution Enterprise Edition software.

An additional hardware component is the ComputerProx TF-2000, the proximity sensor that prevents someone from "piggy-backing" on an active user session by automatically terminating a session when a user walks away from a workstation, said James Childers, CEO of Biometrics Direct.

The integrated solution allows NFMC to comply with HIPAA's requirements for unique end-user authentication and automatic logoff, he said.

"Health care is going to be the major driver for biometrics in 2003," Childers said. "It's not just hospitals. The HIPAA regulations are broad and sweeping. They deal with any organization that has access to individually identifiable patient records. %85 The cost of the changes that are being made to accommodate the HIPAA requirements will outstrip the costs of Y2K remediation by about three to one."

For NFMC, implementing each workstation with the biometric solution cost about $445: $249 for the Authenticam; $99 for the TF2000; $45 for Saflink; and $50 for the Iridian license.

Sims said the price is small for the amount of security it provides. The iris scanner cost more than a fingerprint scanner, but the expense is worth the possible alternative of a lawsuit for unauthorized access of patient data, he said.

An added benefit of the solution is easier administration, Sims said. The Saflink software provides self-enrollment, which is key for NFMC's clinics, as some of them are up to 100 miles away from the facility's headquarters.