Medical identity theft has long been an issue for hospitals, and a serious problem not only for patient safety, but for a hospital's bottom line.
Most hospitals have problems with medical overlays (when one patient record is overwritten with data from another patient's record) - caused by forging, theft, or sharing of key identifiers like social security numbers and names. If a patient is treated based on the wrong medical record, not only is the patient at serious medical risk, but the organization faces potential lawsuits, which can have disastrous financial consequences. Another consideration of authenticating patient identity is time; registrars often waste valuable hours re-entering data each time the patient presents.
When it comes to authenticating patients' identity while protecting their privacy, many feel the healthcare sector lags behind other industries. In January, the Office of the National Coordinator in Washington released a report on medical identity theft, noting that patient authentication can be one of the simplest ways to it. One solution is biometrics.
Long seen as the stuff of science fiction, many equate biometric security technology with Mr. Spock opening a port door with the wave of a hand. But at several hospital systems, the future is here, with palm vein authentication as an easy-to-implement solution. “It would require no, or very little, user training,” says Sally Hudson, research director, security products and services for IDC consultants, Framingham, Mass. “Getting up and running quickly is a cost savings.”
Hudson also says that it can help hospitals obtain HIPAA certification and comply with new Federal Trade Commission anti-ID theft regulations. The regulations, which the FTC says it won't enforce until May 1, 2009, are commonly known as “red flag” rules and apply to most healthcare providers.
Palm vein authentication technology utilizes a scanner to “read” the vein in a patient's palm using an infrared light. It then matches the patient's biometric template against a database of enrolled users. The scan is assigned a number that is matched with the patient's medical record, eliminating the need for patients to repeatedly provide confidential information, and reducing the time registrars need to check a patient in. With the palm scanning system, once a patient's information is collected on the first visit, it remains permanently in the system. The technology, known in the United States as PalmSecure, was developed by Fujitsu (Sunnyvale, Calif.,) and is fairly common in Asia, where it is has been used at ATMs for about five years.
Here in the U.S., Craig Richardville, CIO of the 23-hospital system Carolinas Healthcare (based in Charlotte, N.C.), was the first to pioneer it in the healthcare setting for patient safety and privacy.
Using it as a unique patient identifier was part of his implementation strategy for the system's Kansas City, Mo.-based Cerner Millennium EMR. “As things become more automated and online, making sure those records are lined up becomes even more critical,” Richardville says. “We wanted to make sure we had something in place before we started to roll out the EMR - it went hand in hand.”
With such a large heath system, Richardville says he needed to ensure that patients coming into the system from any point of access could be accurately identified and matched to the correct patient record - no small feat with more than 300 physical locations. Richardville's research led to an investigation of different biometric technologies, during which he found that fingerprint scanning wasn't accurate enough and retina scanning was too invasive.
Hudson agrees that palm vein authentication has a better reputation than fingerprinting, especially in the medical community. “It's more reliable and not as vulnerable to whether someone is wearing lotion.” By most estimates, about 2 percent of people don't have readable fingerprints; anything from a missing finger to dry skin can throw off a fingerprint, she says.
The technology is scoring high points with patients. According to Lindsey Jarrell, CIO at BayCare Health System a nine-hospital-system based in Tampa, Fla., what they like best is the privacy. Patients no longer have to recite their name, social security number or other identifying information at a desk. Instead, they simply put their hand on the PalmSecure cradle. “We still make a copy of their license and insurance card for insurance filing purposes,” says Jarrell, “but you no longer have to have that conversation.”
At BayCare, Jarrell has had such a positive reaction from patients that he is now enrolling visiting family members to increase the size of the PalmSecure database. “You might be a family member today and a patient tomorrow,” he says, adding that the family members are often eager to enroll once they see the technology in action.
But is the ROI on such a novel technology something to bring to the Board? And is it an easy sell? Those already using palm scanning say yes.
“In addition to patient safety, our principal driver was cost avoidance (from lawsuits), by eliminating duplicate medical records and the potential of medical overlays,” Jarrell says. “One negative outcome for one patient because of medical records being overlaid, and that's millions of dollars, easily.”
Jarrell says he justified the purchase by describing the reduction of risk. “Hospitals won't necessarily realize an expense reduction in current day operations but there is a strong case to be made for cost avoidance and liability risk reduction in the future by having this tool in place,” he says. “Cost avoidance and better safety for our patients - it was an easy conversation to have.”
At Carolinas, Richardville had no problem bringing the project to the Board, even though his healthcare system was the first in the United States to use it. “CHS looks favorably upon innovation,” he says. “We put the business case together and there was a high probability of success.”
Jarrell says the biggest costs in his six-month rollout were hardware and licensing. The interfaces, he says, were simple. He used Tampa, Fla.-based HT Systems to help write the interfaces to his Siemens Invision (Malvern, Pa.) front end system at a minimal cost. Ongoing maintenance is very inexpensive, he adds, even with 200 devices rolled out to nine hospitals with 76 points of entry.
Jarrell says with the hundreds of systems he's been a part of implementing, this one was very easy. “And I'm a very cynical CIO when it comes to vendors saying this is a simple implementation,” he adds. “But it was.”
Carolinas has a similar story to tell. On the front end, it partnered with Chicago-based Initiate Systems on its EMPI. “The integration went really well,” Richardville says. “We were one of the first users, so we were blazing the trail and had some lessons learned, but overall it was a very productive process and the timeframes were met well within budget. Certainly, the outcome has been excellent.”
Richardville's biggest lesson learned from being the earliest adopter? “The only thing that I would recommend is that you understand all your different points of entry because the cradle aspect of the device that you use will change.” These points of entry can range from mobile carts to a physician practice to the ED - and patients will have different needs in each. “When we started doing bedside registration, we realized that we needed to get scanners on the carts as well,” he says. “At that time it was more like a solid station, like a desk.”
So far, the major financial plus of using palm vein scanning has been in the cost avoidance area and reducing registration time. But many feel it will have future implications in the area of billing and duplicate medical records. “There's a lot of moving parts in the revenue cycle, and this front-end component is one of several items that make it more efficient on the operational side,” Richardville says. “There are some add-on values.”
Finally, palm vein scanning has another ROI that matters more in these days of intense competition - a hospital's reputation in the eyes of the community. “There is that branding aspect, as well as the public perception,” says Richardville, whose palm vein initiative has been covered in not only local and regional, but national and international news. “Patients respect the fact that you are moving down this technology path, and respecting their privacy.”
Using IT to ID
Palm vein authentication can have very dramatic results in a hospital setting. Lindsey Jarrell, CIO of BayCare Health, recently shared a story that illustrates just how well the technology works:
“We had a John Doe come in this morning. No name, just an address of where they picked him up. Through lots of investigation, we were able to get in touch with his landlord and get a name. We couldn't change the name because it was just hearsay and not a positive identification. The gentleman had been here before and was enrolled in palm scanning. Even though he had passed, we took the Workstation on Wheels into the room and authenticated him, and it came up with the name we were told by the landlord.”
Jarrell adds, “Because we have a trauma center and the second busiest ED in the state of Florida in one of our hospitals, we're going to get those stories over and over. To know that it works on an unconscious patient or even a deceased patient is amazing.”
Palm Vein Scanning - How Does it Work?
The pattern of blood veins is unique to every individual, even identical twins, and will not vary in a person's lifetime. Since the blood vein pattern lies under the skin, it's nearly impossible for others to read or copy. To scan the vein, an individual's hand is placed on a “cradle”, where the vein pattern image is captured by radiating his/her hand with near-infrared rays. The deoxidized hemoglobin in the in the vein vessels absorbs the infrared ray, thereby reducing the reflection rate and causing the veins to appear as a black pattern. An individual's palm vein image is converted by algorithms into data points, which is then compressed, encrypted, and stored by the software and registered along with the other details in his profile as a reference for future comparison. This vein pattern is then verified against a preregistered pattern to authenticate the individual. The near infrared is a component of sunlight, so the scan is as safe as having a hand in the sun. Palm veins, unlike fingerprints, are also not susceptible to minor trauma such as cuts.
Palm vein authentication is a very accurate form of biometric patient identification.
One ROI is cost avoidance of adverse events due to incorrect medical records.
Biometrics can position a hospital as a technology leader in the community.
Cradles for scanning the hand should be adjusted depending on the patient's point of entry.
CIOs who are using it say it is an easy implementation with low maintenance and training.
CONTINUE THE CONVERSATION
Wiki-fy this story at http://www.healthcare-informatics.com by posting comments, listing relevant resources and linking to associated events.
Healthcare Informatics 2009 March;26(3):32-35