One of the big areas of interest in wearable Health Tech is the ability to gather massive amounts of data about individuals. This information can be used to improve the diagnosis and treatment of illness for those individuals, but it can also be analyzed to improve the outcomes (and lower healthcare costs) for larger populations as a whole. This potential benefit raises many other issues, not the least of which is the question of keeping that data secure from abuse, and protecting the identity of the individual. Identity theft is already a big problem in our personal finances, and it could become just as big a problem when it comes to our health records.
We have covered the challenges of making patient IDs that are secure, effective, and easy to use. Some people favor implanting a unique chip that can be scanned and recognized. Others advocate the use of biometric data such as fingerprints, eye scans, or even DNA as unique identifiers for individuals. I recently came across an analyst’s blog post who makes a strong case for biometrics over chips. He points out that biometric technology exists today that can identify a single individual out of the world’s population. He mentions the “false acceptance rate” (FAR) for different approaches. DNA apparently has a FAR of 1 in 250 billion. The palm scan system developed by Fujitsu (which senses blood vessels) has a FAR of about 1 in 1.25 million. According to some sources, fingerprint scannershave a FAR of about 1 in 100,000.
The blog post makes the case that biometrics cannot be stolen, while technological tokens such as RFID chips can. Also, an implanted chip that fails or has been compromised may be difficult and painful to replace. This may be true, but there remains the question of what happens when an individual’s biometric data is altered. Fingers can be cut or even lost. The Fujitsu palm scans only work if there is blood flowing through the hand; while this prevents the bad guys from using an amputated hand to gain access, it also means that the loss of a hand could result in the loss of identity for an individual. Even DNA readings can be compromised if a patient receives a bone marrow transplant, thus introducing DNA from another person into their bloodstream.
And then there’s the whole question of false rejections. A low false acceptance rate helps keep impostors out, but a high false rejection rate can make it annoying and inconvenient for the individual who is incorrectly identified as an impostor.
The bottom line is that we need a way to establish our identity for a wide range of digital data systems in our lives. It needs to be quick, easy, and reliable. This means that it must do a good job of rejecting impostors while doing an equally good job of correctly identifying the target individual. The only thing that appears to be certain at this point is that we’re not there yet.