
2020 International Conference on Emerging Smart Computing and Informatics (ESCI)

AISSMS Institute of Information Technology, Pune, India. Mar 12-14, 2020

Healthcare Biometrics Security and Regulations: Biometrics Data Security and Regulations Governing PHI and HIPAA Act for Patient Privacy

A. Jayanthilladevi, College of Computer and Information Science, Srinivas University, Mangalore, India, drayanthila@ieee.org
Sangeetha K, Department of Computer and Mathematical Sciences, University of Africa, Toru – Orua, Nigeria
Balamurugan E, Department of Computer and Mathematical Sciences, University of Africa, Toru – Orua, Nigeria

Abstract- The digitization of medical records has brought a pattern shift in the healthcare industry, increasing the complexity, diversity, and timeliness of its data. The healthcare industry encounters a crucial threat from security breaches of healthcare databases. Patients are driven to destitution by scams and by information stolen through medical identity theft; data breaches affect not only patients, whose PHI (Protected Health Information) and PII (Personally Identifiable Information) are exposed, but also healthcare institutions. Automated healthcare systems that introduce personal and electronic health records (PHRs and EHRs) increase data risk, which calls for privacy and security policies and measures. The need for biometrics in the healthcare industry is increasing in the worldwide healthcare market. This paper identifies healthcare data breaches and their primary causes, and the role of PHI and the HIPAA Act in deterring data breaches. The HIPAA Privacy Rule provides policies and standards to preserve the Protected Health Information (PHI) of individuals held by the entities. In the biometric market, the HIPAA Act enforces various requirements to preserve the confidentiality and privacy of patient information obtained from healthcare facilities, to develop compliance in dealing with various principles.

Keywords: Biometric, Data Privacy and Security, Healthcare, HIPAA Act, PHI

I. INTRODUCTION:
Data security and privacy of patient records is a growing concern in the healthcare industry. The healthcare industry is vulnerable to scamming and identity theft owing to the nature of the information it collects, generates and stores [1]. The adoption of digital patient records, provider alliances, increased regulation and the rising need for information exchange among providers, patients' clinicians and payers point to the need for improved security. For effective delivery of healthcare, privacy and security are a primary governing principle of the patient and medic relationship. Patients share their information with medical doctors to facilitate the correct diagnosis of their illness and the determination of treatment. Automated healthcare systems (HCS) that introduce EHRs and PHRs increase data risk, which calls for privacy and security policies and measures [2-3]. The use of e-prescribing, billing, EHRs, and PHRs has extended health care privacy and security [4]. The need for biometrics in the healthcare sector is increasing in the worldwide healthcare market; biometrics offers identification procedures that improve risk management by ensuring patient privacy and medical records for the individual patient [5]. A biometric security mechanism ties a unique identity to an individual patient record, which enhances the privacy of the patient [6]. Biometrics is more capable than traditional authentication approaches: the traits cannot be forgotten, and authentication requires the presence of the person being authenticated, which is hard to repudiate or forge [7]. An essential requirement in the biometric market is HIPAA, which enforces new requirements to preserve the confidentiality and privacy of information from healthcare facilities, to develop compliance in handling new principles. Biometrics supports the policy of assuring HIPAA compliance through new rules and standards [8, 9]. Biometrics provides privacy, user authentication, Web/network security and authentication services. The HIPAA Security, Privacy and Breach Notification Rules preserve the security and privacy of patient data and give individuals definite rights over their health information. The HIPAA rules establish policies to protect PHI held by entities and business associates [10]:

• Health policies
• Health care clearing houses
• HCPs that carry out health care transactions electronically

HIPAA protects health information by giving patients rights over information held by Business Associates (BAs) and Covered Entities (CEs). It has a Privacy Rule to protect the privacy of individually identifiable health information and a Security Rule with national standards for the security of electronic Protected Health Information (ePHI). The HIPAA rules govern the use and disclosure of PHI and give patients privacy rights over how their health information is shared, such as the right to obtain a copy of their health records and to request corrections [11].

II. HEALTHCARE DATA BREACHES AND SECURITY PROBLEMS

Electronic health information introduces threats that increase the possibility of security breaches. Healthcare professionals transmit patient information over internet-based technologies, which raises alarm about the confidentiality of patient data [12]. In healthcare systems, data breaches cause vast monetary losses to individuals and healthcare providers. They can potentially affect 61.5 million patient records, which are observed by many hospitals and accessed by attackers, so the impact of a data breach is huge [13]. Causes of data breaches are as follows:

• System weaknesses are exploited by criminal hackers.

978-1-7281-5263-9/20/$31.00 ©2020 IEEE

Authorized licensed use limited to: Auckland University of Technology. Downloaded on September 15,2020 at 08:58:05 UTC from IEEE Xplore. Restrictions apply.
• Computing devices of various healthcare workers are stolen.
• Unintentional actions that cause a data breach.
• Data breaches owing to lapses in third-party integration.
• Data leaks caused inadvertently by technical glitches.

III. BIOMETRICS IN HEALTHCARE
A biometric is a measurable biological feature of a person, such as iris structure, fingerprints, retinal patterns and so on, that is unique to each individual [14]. Biometric authentication takes this information from an individual and uses it to verify identity, using technologies and biometric data structures to provide biometric security measures. An authentication system has two modes: enrolment mode and authentication mode [15]. In the former, individuals are registered by scanning and capturing their biometrics, which are read with pattern recognition algorithms and converted to digital biometric templates stored in the healthcare database with the person's other details. The latter occurs when a person attempts to gain access to a patient's health information: their biometrics are scanned and matched against the templates stored in the database at enrolment time.

Fig. 1. Biometrics in Healthcare

Biometrics is progressively gaining acceptance in the healthcare environment to diminish fraud, to protect access to medical facilities and records, to decrease costs and to provide the quickest access to those records. It is regarded as the safest method to fulfill healthcare system security.

A. Biometrics and Patient Data Security
Biometric technology is a secure authentication system for protecting patient privacy, adopted by most healthcare organizations to counter various security incidents deliberately caused by healthcare workers [16]. Healthcare systems that hold patient information are password secured, and workers access them with those passwords. A security breach happens when data is lost because a password is known to a large number of employees, or because devices used for accessing patient data are misplaced or stolen and may fall into the wrong hands. With this technology, information access is performed by staff members who are authorized and enrolled, so there is no risk of password sharing; even if a device is stolen, attackers are not able to open the system if it is secured with biometrics. With biometric authentication, patient data leakage cannot happen via unauthorized healthcare system access.

B. Users of Health Information
Patient
The patient wants health information for their current and future care and to claim insurance.
Medical Doctors
Clinicians use patient data for medical needs and future patient documentation, and to interface with billing and other providers.
Health & Life Insurance Company
These companies may initiate claim processing and endorse consultation requests through health information.
Laboratory
The laboratory uses patient information to process specimens and to generate results for the patient's future reference.
Pharmacy
In the pharmacy, patient information is used for filling prescriptions and billing.
Hospital
In the hospital, the patient record is referred to for service records, care provision, vital statistics and regulatory agencies.
State Bureau
The state bureau needs everyone's health information to maintain birth statistics and epidemiology.
Employer
The employer needs health information for claims data, to review claims for reduction, and for benefits package adjustments.
Medical information bureau
The medical information bureau requires health information for fraud reduction for life insurance companies.

IV. REGULATIONS GOVERNING PHI AND HIPAA ACT FOR PATIENT PRIVACY
A. Protected Health Information (PHI)
Individually Identifiable Health Information (IIHI) that is obtained by a health care clearing house, health care provider or health plan, that concerns past or future physical or mental health, and that is conveyed in verbal and electronic communications is PHI. It is information about an individual's present or past physical or mental health or condition, the provision of health care to the individual, and the present, past or future payment for the provision of health care to the individual. PHI comprises numerous identifiers such as address, name, Social Security number and birth date [17]. PHI can be used in healthcare operations, treatment and payment.

Treatment
In treatment, PHI is used to coordinate and manage healthcare activity through consultation among healthcare providers, for direct and indirect treatment of the patient.
Payment
In payment, PHI is used to obtain health care reimbursement and for coverage determination, billing, health plan payment of claims and medical necessity determinations.
HealthCare Operations
In healthcare operations, auditing, credentialing, utilization review, training programs and quality assessment can be done with PHI, which supports administrative and managerial activities under HIPAA.

B. HIPAA Act Role in Securing Patient Data
Healthcare regulators responded to distressing data breaches by implementing significant legislation termed HIPAA, launched in 1996 to protect individuals' health information. The HIPAA Privacy, Security, and Breach Notification Rules safeguard the privacy of individuals' health information and give them some rights [17]. The HIPAA Act ensures access to and security of patients' data for healthcare providers through standard policies and standards. The Privacy Rule creates standards for the use of patients' health records, under which service providers need to incorporate policies ensuring that stored patient data is not subjected to misuse [10]. HIPAA requires patient authorization before information is disclosed for non-routine purposes. Healthcare providers have to preserve audit logs and records of patient information distributed to others. For patient authentication and data security, biometrics has emerged as the safest option. These industries have realized the significance of biometrics for patient privacy and security and are accepting it at a steady pace.

1) HIPAA: Privacy Rule
The Privacy Rule grants individuals access control rights, deals with providers' disclosure and use of health information, and provides criminal and civil penalties for patient privacy violations.

2) HIPAA Guarantees Patient Rights
HIPAA requires providers to give notification of their privacy practices and lets patients access, copy and inspect their medical records. It places special demands on how individual information is communicated and limits how information is used.
The HIPAA rules provide for disciplinary action, including employment termination and criminal and civil penalties, and encompass lawsuits for privacy negligence.

Fig. 2. Criminal Penalties

Performance Metrics
• FAR and FRR
The false acceptance rate (FAR) measures how often the biometric security system incorrectly accepts an access attempt by an unauthorized user. The false rejection rate (FRR) measures how often the biometric security system incorrectly rejects an access attempt by an authorized user.
• Threshold Analysis

$$\mathrm{FAR} = \frac{\text{Total False Acceptance}}{\text{Total False Attempts}}$$

$$\mathrm{FRR} = \frac{\text{Total False Rejection}}{\text{Total True Attempts}}$$

EER is the point where $\mathrm{FAR} = \mathrm{FRR}$.

$$\text{Crossover} = 1 : X, \quad \text{where } X = \mathrm{round}\left(\frac{\ldots}{\mathrm{EER}}\right)$$

Failure to Enroll: FTE.
Competency to validate:

$$\mathrm{ATV} = 1 - (1 - \mathrm{FTE})(1 - \mathrm{FRR})$$

Fig. 3. Evaluation Matrix
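Added example (not from the paper): the FAR and FRR ratios and the equal-error point defined above, computed over a threshold sweep. The similarity scores, the 1/20 threshold step and all function names are constructed for illustration; the example also goes one step beyond the text by picking the lowest threshold that meets a FAR ceiling.

```python
from dataclasses import dataclass

# Constructed similarity scores in [0, 1]; higher means closer to the enrolled template.
GENUINE = [0.91, 0.84, 0.78, 0.88, 0.66, 0.96, 0.73, 0.81, 0.59, 0.87]   # "true attempts"
IMPOSTOR = [0.12, 0.36, 0.48, 0.22, 0.61, 0.31, 0.56, 0.18, 0.41, 0.68]  # "false attempts"


@dataclass(frozen=True)
class Rates:
    threshold: float
    far: float  # total false acceptances / total false (impostor) attempts
    frr: float  # total false rejections / total true (genuine) attempts


def rates_at(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """An attempt is accepted when its score is >= threshold."""
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor attempt")
    false_accepts = sum(score >= threshold for score in impostor)
    false_rejects = sum(score < threshold for score in genuine)
    return Rates(threshold, false_accepts / len(impostor), false_rejects / len(genuine))


def sweep(steps=20):
    """FAR/FRR at thresholds 0, 1/steps, ..., 1 (the data behind a FAR/FRR-vs-threshold plot)."""
    return [rates_at(i / steps) for i in range(steps + 1)]


def equal_error_point(curve):
    """Sampled threshold where FAR and FRR are closest; the EER is their value there."""
    return min(curve, key=lambda r: abs(r.far - r.frr))


def threshold_for_far(curve, max_far):
    """Lowest threshold whose FAR stays within max_far, i.e. the least FRR paid for it."""
    for r in curve:  # curve is ordered by rising threshold, so FAR only falls
        if r.far <= max_far:
            return r
    raise ValueError("no threshold meets the FAR ceiling")


if __name__ == "__main__":
    curve = sweep()
    eer = equal_error_point(curve)
    print(f"EER {eer.far:.2f} at threshold {eer.threshold:.2f}")
    strict = threshold_for_far(curve, max_far=0.0)
    print(f"FAR 0 needs threshold {strict.threshold:.2f}, FRR {strict.frr:.2f}")
```

With only ten attempts per class the rates move in steps of 0.1, so a real evaluation needs far more samples before a FAR ceiling chosen this way means anything.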

Fig. 4. Threshold Analysis Graph

Fig. 5. FAR and FRR vs. Threshold

Fig. 6. Equal Error Rate

V. CONCLUSION
The healthcare industry faces a huge threat from security breaches of healthcare databases, in which medical identities and patient data are stolen without authorization, causing financial losses to both healthcare service providers and patients. With a healthcare system based on biometric security, authentication and identification access is secured and security threats can be counteracted. Thus biometrics secures patient data and privacy in the healthcare industry. The HIPAA Security, Privacy and Breach Notification Rules safeguard the security and confidentiality of health information and may provide individuals with some personal health information rights.

REFERENCES
[1] HIMSS Security Survey, http://www.himss.org/content/files/2010_HIMSS_SecuritySurvey.pdf, HIMSS, Nov. 3, 2010
[2] HIMSS Analytics Report: Evaluating HITECH’s Impact on Healthcare Privacy and Security, HIMSS, http://www.himssanalytics.org/docs/ID_Experts_111509.pdf, 2009
[3] HIMSS Analytics Report: Security of Patient Data, Commissioned by Kroll Fraud Solutions, KROLL Fraud Solutions, http://www.krollfraudsolutions.com/ media/2010_Kroll-HIMSS_Study_FINAL.pdf, April 2010
[4] Dimitropoulos L, Rizk S. “A state-based approach to privacy and security for interoperable health information exchange,” Health Affairs, 28 (2) (2009): 428-434
[5] Jain, A., Ross, A., Pankanti, S.: Biometrics: A tool for information security. IEEE Transactions on Information Forensics and Security 1(2), 125–143 (2006)
[6] Awad, A.I., Hassanien, A.E.: Impact of some biometric modalities on forensic science. In: Muda, A.K., Choo, Y.H., Abraham, A., N. Srihari, S. (eds.) Computational Intelligence in Digital Forensics: Forensic Investigation and Applications, Studies in Computational Intelligence, Vol. 555, pp. 47–62. Springer International Publishing (2014)
[7] S. Krawczyk, S., & A Jain, Securing electronic medical records using biometric authentication, Springer Berlin/Heidelberg, (pp. 435-444)
[8] Healthcare Biometric Identity Management Technology, http://www.versos.com.sa/solutions/iss/iam/healthcare_biometric_iam.htm
[9] Schneider, John K, Positive Outcomes Implementing Biometrics in Multiple Healthcare Applications, http://www.ultrascan.com/Portals/16/Positive Outcomes.pdf, 201
[10] HIPAA Basics For Providers: Privacy, Security, And Breach Notification Rules, https://www.cms.gov/Outreach-and-Education/.../HIPAAPrivacyandSecurity.pdf
[11] Privacy and Security of Electronic Health Information, https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
[12] Ebenezer Okoh, Ali Ismail Awad, Biometrics Applications in e-Health Security: A Preliminary Survey, May 2015
[13] Biometric Identity in Healthcare: Reduces Health Care Fraud, Improves Patient Care and Protects Patient Privacy, from http://www.ibia.org/download/datasets/727/, (2011, July). Retrieved September 14, 2013
[14] Harshit Jhaveri, Hardik Jhaveri, Dhaval Sanghavi, BIOMETRIC SECURITY SYSTEM AND ITS APPLICATIONS IN HEALTHCARE, International Journal of Technical Research and Applications, Volume 2, Issue 6 (Nov-Dec 2014), PP. 15-20
[15] Omotosho Folorunsho Segun, Fadiora Babatunde Olawale, Healthcare data breaches: Biometric technology to the rescue, International Research Journal of Engineering and Technology (IRJET), Volume: 04, Issue: 11, Nov-2017
[16] Krawczyk, S., Jain, A.K.: Securing electronic medical records using biometric authentication. In: 5th international conference on Audio- and Video-Based Biometric Person Authentication, AVBPA’05. pp. 1110–1119. Springer-Verlag, Berlin, Heidelberg (2005)
[17] Medical Privacy of Protected Health Information, ICN 006942, June 2018
