Heartbeat Passwords Could be an Affordable way to Protect Medical Records

By Luke Dormehl for Digital Trends

Why it matters to you. Keeping medical records secure is of utmost importance and using a patient’s heartbeat data could be just the way to do it.

Whether it’s instantaneous diagnoses or simply making patients more directly responsible for their own wellbeing, there are plenty of things that are exciting about the tech-driven healthcare revolution. But one major question mark regarding individuals’ access to their health records is the issue of security and privacy — and how to put this into place in an affordable way.

According to a new piece of research, investigators at Binghamton University in New York think the best way to do it might be by using a patient’s own unique, distinctive heartbeat as a form of password.

“The proposed solution applies one extra layer of security protection on patients’ health data collected from emerging wearable gadgets or mobile devices,” Zhanpeng Jin, assistant professor in the Department of Electrical and Computer Engineering, told Digital Trends. “The key goal is to reduce the computational overhead involved in protecting the sensitive personal health data.”

The idea revolves around the fact that, in many cases, electrocardiograms (ECGs) have been collected from patients for a clinical diagnostic purpose. As a result, there is the added possibility of reusing them as a security key for protection purposes with a minimum cost.

Accessing medical records could then be achieved by their rightful owner using a biosensor attached to the skin.

This isn’t the first time Jin has investigated the possibility of biometrics to establish a person’s identity. Previous work, which this current project builds on, involved reading a person’s unique “brain prints” to grant them access to computers or buildings. As Jin explained, ECG readings aren’t 100 percent perfect yet, but they could work effectively alongside another form of a password.

“Compared to existing biometric approaches, no matter the conventional fingerprint or the advanced brain print we proposed before, ECGs are more vulnerable to variations, which may be caused by individuals’ physical activities [or] mental states,” Jin said. “That’s also the reason that ECG hasn’t been widely adopted in identifying and authenticating individuals, as a standard biometric. [But] the unique nature of ECG can make it [valuable] as a perfect secondary authentication approach, especially for this telemedicine or mobile health domain, because ECG is one of most significant physiological signals that must be acquired for clinical purpose.”

Share Article: