The finger-scanning technology in action. (CrossChx)

Sponsored by

Become a KQED sponsor

Soon, it might become the norm to verify your identity at the hospital or clinic by scanning your fingerprint.

One California clinic, the Kern County Medical Center in Bakersfield, recently started experimenting with a biometric fingerprint reader, called SafeChx, to avoid mixing up patients with similar names, and potentially even crack down on fraud. It’s the first hospital in California to use the SafeChx system.

The SafeChx system, which is available for free, is now used by 178 hospitals around the country. Patients are asked to scan their finger so hospital administrators can view their personal information, including their history of hospital visits and medical record.

New technologies for patient identification are spreading quickly in health systems in the U.S. as an alternative to a national patient identifier, which is used in other countries to accurately match patients to their medical record. Health systems today rely on demographic data, like name, address and phone number, which are likely to change over time.

“We serve a large Latino population, and they often use both their maiden name and their married name,” says Edward Din, director of patient access at Kern County’s Medical Center. “Sometimes those names are reversed. This resulted in a lot of confusion.”

But some health and privacy experts say finger-scanning technologies are not the magic solution. Once a fingerprint has been compromised, they say, it’s impossible for a patient to get a replacement. And it could open small hospitals to being hacked if the data is stored in one place.

New Technologies to Identify Patients

SafeChx was developed by Sean Lane, a former fellow at the National Security Agency, better known as the NSA, and Brad Mascho, an executive at a health insurance association. It is the flagship product of a company called CrossChx.

Brad Mascho and Sean Lane, the founders of CrossChx.
Brad Mascho and Sean Lane, the founders of CrossChx. (CrossChx)

Lane and Mascho initially became interested in patient identifiers after a health system in their hometown in Southeastern Ohio asked them for advice on cutting down on prescription drug abuse, a consequence of identity theft.

“Many hospitals were using first name and date of birth to identity patients,” says Lane. “That simply wasn’t good enough.”

The founders viewed biometric identification techniques, like fingerprints, as the next step for hospitals. They say the fingerprint doesn’t need to be tied to any other sort of identifying information, like state status, so it can even be used by patients who are undocumented.

CrossChx is targeting small to medium-sized hospitals first, before reaching out to large academic teaching hospitals. It makes money by selling health care applications through its app store, which hospitals can use in addition to SafeChx.

Kern Medical Center’s employees say their patients don’t seem to have major reservations about scanning their finger. Since June of this year, more than 6,000 patients were asked to register to the system, according to Din, and 93 percent agreed to participate. Kern’s registrars were trained to inform patients how the process would work.

The system checks in patients with their permission.
The system checks in patients with their permission. (CrossChx)

Many of Kern’s patients come from low-income households. Scott Thygerson, the hospital’s chief strategy officer, describes it as a “safety net hospital” that is responsible for nearly half of the population in the county — those who are enrolled in Medicare or have no insurance. “It’s nice to be on the leading edge of this,” Thygerson says.

CrossChx’s founders say they are not surprised that patients have been open to scanning their index finger. They claim that those who have opted out tend to be uninformed or have something to hide.

“It’s not worth our time to educate that sliver of the population,” Lane says.

Privacy Concerns

But some health experts say finger-scanning may not be an approach that’s in the patient’s best interests.

“It’s the opposite of a delightful customer service,” says Bob Kocher, a clinician and an investor in health technology at Venrock.

In Kocher’s view, most problems that patients face do not require extensive knowledge about their medical and visit history. And most patients are not out to commit fraud.

Privacy advocates harbor a different set of concerns about finger-scanning technology.

“I’m not sure that this protects against medical identity theft,” said Lee Tien, a senior staff attorney at the Electronic Frontier Foundation (EFF), a San Francisco-based group that specializes in Internet privacy. In order for that to work, even in theory, he argues, the entire U.S. health system would need to adopt it.

Tien says a biometric like a fingerscan is no better than a password or any other secret information. Moreover, when a biometric is compromised, it’s compromised for good. “I can’t change my fingerprints. Or iris. Or anything else,” he says.

Tien’s biggest concern is that the finger scan will spread outside of health providers and into the hands of insurers, or that it will become a de facto national patient identifier.

Currently, a debate is raging in Washington D.C. about the drawbacks and potential benefits of using biometrics to identify patients. Many privacy groups, including Patient Privacy Rights and EFF, have spoken out against patient IDs that can match individual patients to all sorts of medical information, referring to them as “the health care cousin of NSA surveillance.” These groups also argue that putting this information in one system would actually increase the likelihood that it will get hacked.

Hospitals that are not using the technology are experimenting with other approaches. John Mattison, chief medical information officer at Kaiser Permamente, says administrators are not using fingerprints. But they are increasingly taking photos of patients and storing them in the medical record.

Mattison says it’s not easy to crack down on fraud and keep patients safe, while maintaining privacy and security.

“The key is identity management that is flexible and appropriate to the level of privilege you get,” he says, “while being unlikely to get abused for criminal purposes. That’s the ideal.”

Would You Trust a Hospital to Scan Your Fingerprint? 22 November,2015Christina Farr

  • J_H_M

    A few months ago I renewed my drivers licence and as happens every so many renewals I had to take a written test. My thumb print, already in the DMV system, was scanned when I had my picture taken for the new licence, then again when I “checked in” at a different location in the room to take the written test (at a computer). My observation, was that the use of the thumb print as a bio-metric identifier, definitely and noticeably changed the attitude of the DMV employees doing the scanning–for the worse. In is definitely not a practice that I would like to see spread, if only for the bad effect it has on the people doing the scanning, with the people being scanned in effect becoming cattle, or goats or pigs to be herded, or consoled or exploited to those doing the scanning.

    • bill summers

      I understand your concern at the DMV, but let’s be real, when have you every walked out of the DMV thinking you had such an amazing experience? Especially with some of the attitudes of the clerks helping you!

      Truth is, Medical Identity theft affects over 2 million patients every year and it’s also the most costly form of ID theft. It is a $41 Billion problem annually and ultimately that burden falls on the people in the form of higher costs of healthcare.

      Additionally, a system like this ensures that you, as the patient, only have one medical record in that hospital’s medical record system. This means that there is less of a chance of things like medical errors that can occur (think if you have an allergy on one record and not another, and then a doc uses the wrong record during a visit, it could have deadly consequences).

      It’s really up to the hospitals to make sure you don’t feel like “just another number” or herded livestock. Hospitals are keeping an eye on that through things like patient satisfaction surveys and HCAHPS scores.

      Bottom line, if my health care facility offers this service and it protects my medical identity and improves my health care outcomes, sign me up!

Author

Christina Farr

Christina Farr (@chrissyfarr) is the former editor and host of Future of You. She was previously with Reuters, covering digital health and Apple and before that, she reported for Venture Beat. Christina was born and raised in London and has graduate degrees from University of London and the Stanford School of Journalism. Farr’s work has appeared in a variety of publications, including the New York Times, the Daily Telegraph, the Bay Citizen and SFGate.com. She has appeared as a featured expert on NBC, ABC and Reuters TV, among others, and frequently speaks at health and technology conferences. She is also co-founder of Ladies Who Vino, a networking group for women in technology and business.