Patient Palm Scans as a Fraud PreventerBiometric Technology Improves Patient Safety
Within a year, the academic medical center hopes to register a majority of its 2.5 million patients with the technology, which helps ensure clinicians use the right electronic health records and makes it more difficult to commit insurance fraud, Sauk says.
"We have five to 10 cases per week where a patient is accidently registered to the wrong medical record," Sauk says. "It's a patient safety issue."
In an interview (transcript below), Sauk:
- Explains why the medical center applied the biometric technology to patients before clinicians. The CIO is hopeful of winning funding for clinician use next year.
- Describes why palm scanners are preferred to fingerprints scans because "most people associate those with criminality."
- Outlines how the palm scanning technology works.
- Describes how the scanners are used at registration areas of all facilities, with kiosks to be added soon.
Sauk has served as vice president and chief information officer for UW Hospital and Clinics since August 2006. Previously, Sauk held the positions of senior vice president and CIO for the City of Hope National Medical Center in Duarte, Calif., and CIO at UCI Medical Center in Orange, Calif. He also served as director of information services at Detroit Medical Center.
HOWARD ANDERSON: I understand you are in the process of implementing palm scanners to verify the identity of patients and link them to their electronic health records. Why did you decide to make that investment, and what problems does it help you address?
MICHAEL SAUK: Well actually ... I found the technology. ... It had been implemented in the Carolinas and Florida by a vendor using Fujitsu scanning technology. I had actually looked at it initially thinking it would be great for authentication by our clinicians into the Epic electronic health record system. When it was presented to us by the vendor, they mentioned that they also found that it's been extremely well accepted by patients who have their palms scanned and then automatically bring up their correct medical record.
... Every academic medical center ... has issues with people having similar names and even the same birth dates. We have five to 10 cases per week where the patient is accidently registered to the wrong medical record. Since it's an electronic medical record, we really can't let that happen because all of a sudden you've linked the patient with different allergies, test results and medications. So it is a safety issue; what primarily drove our looking at the technology was patient safety, not only from the standpoint of medical care, but safety to ensure that their identity is not somehow misconstrued or a mistake is made with their identity.
ANDERSON: Did you consider other forms of ID verification for patients, and why did you select this one?
SAUK: There really isn't a lot out there for patients. A lot of people have done things with fingerprints. I don't think a lot of people have done stuff with ... eye scanning. But it really was just an opportunity to improve our processes and to ensure that the right patient is matched up with the right record during registration.
How Biometrics WorksANDERSON: Tell us how the palm scanning technology works.
SAUK: Fingerprints are actual images of the print, whereas the palm scanning technology plots out the veins in the palm and blood flow. What is actually stored on the disk is binary one-zero-one-zero type storage of the palm print. It is more accurate than the fingerprint. We didn't consider fingerprint scanners because most people associate fingerprints with criminality. In looking at videos on the web from the two hospitals on the East Coast that have implemented it, and coverage that was given by their local media, we saw a favorable impression by the patients of protecting their identity and ensuring that they are associated with their medical records. There was no hesitancy to having their palms scanned.
Now we've had a few patients who have said no, because it is voluntary. But my feeling is that after a period of time, when they see their colleagues or their friends or family agreeing to it, they'll eventually come back and say, "That's fine."
It is totally secure. The scan information would be of no value to anyone else if was captured. We do not share it with anyone, and it's a totally private and secure process and storage.
Authentication for PatientsANDERSON: How many patients have been enrolled so far, and how many do you anticipate in enrolling eventually?
SAUK: It's been up about three weeks. We have about 20,000 unique patients that have had their palms scanned. Of those, about 3,000 have already come back multiple times and checked in via the palm scan. The hospital in the Carolinas has scanned about 700,000 patients. University of Wisconsin Hospital and Clinics has about 2.5 million unique electronic patient records, so it will be more than a year before we have the type of penetration on storage of palm prints to make it truly effective. So that I would say that a majority of patients checking in have already been pre-scanned and there are scanned images available.
It's a not a quick fix. ... It takes a period of certainly a year before its effective.
Enterprisewide AuthenticationANDERSON: Now are the scanners typically hooked up to a PC in the registration area? Or are they going to be part of kiosk.
SAUK: Well we will use multiple methods. And by the way, when we say we've begun the implementation, we actually have fully implemented it at every single one of our sites. There isn't anywhere you would register or be admitted for our hospital that there isn't the palm scanning operation in place. The only thing we haven't implemented, but we will probably by January, is affixing the palm scanners in our kiosks for check-in. That is just a matter of finding the time to get those connected. But we are 100 percent up on palm scanning technology.
ANDERSON: And that is at your clinic sites as well as your two hospitals?
SAUK: Correct. And we've done this project with our UW Medical Foundation, our physician group, because they run about 25 clinic sites in addition to the hospitals' six clinic sites. So we've implemented it enterprisewide, wherever a patient would be registered.
Identity Theft PreventionANDERSON: So over the long haul, once it's fully implemented and you have lots of patients enrolled, how might the technology help prevent identity theft or payment fraud?
SAUK: We had an incident within the last couple of months involving twin brothers in their early twenties. One had insurance and one didn't. The twin that didn't have insurance came in and attempted to use the insurance on the twin that did have insurance. The only problem with that was obviously the wrong medical record could have been associated with the twin who brought in his brother's insurance card. So we have ... three to four cases per week where somebody is trying to fraudulently use somebody else's insurance.
The palm print is 99.9 percent accurate in associating a medical record with a patient. Even your right hand is different from your left hand, and your palm print is 100 percent different than anyone else in the world. So the accuracy in this is such that if we have the palms scanned, they are going to be associated with the right record and fraud won't occur.
Authentication for CliniciansANDERSON: Now you said at the outset that you originally investigated this technology for use by clinicians. So are you using it for them yet?
SAUK: I'm going to propose that in our capital budget for next year. The clinicians are saying, "I'd like to use that for check-in on the nursing units" so they can access systems in a very quick fashion. So there is some excitement on the part of our clinicians to make that the authentication method for signing into our EHR.
ANDERSON: So in the meantime how are you authenticating them now?
SAUK: They type in their user ID and password.
Patient Identification AdviceANDERSON: What advice would you have to other healthcare organizations considering their patient ID verification options, based on your experience?
SAUK: I don't see a downside. It's not a super-difficult system to implement. We did it in about two months. The vendor did the scripting to be able to sign into Epic EHR using the scanned image. We are the first Epic customer with this technology. The investment from a capital prospective is far less than $100,000. And we've had very good press on this because people are interested in and are worried about identity theft. They are worried about identity theft as it would harm their credit. But I think identity theft identity theft as it relates to your healthcare record, your medical record, is probably more important. ...
ANDERSON: What about the decision to use it with patients first and staff second, did that work out well for you?
SAUK: Absolutely because it would require far more scanners to do electronic sign-in authentication to our EHR for all clinicians; we're talking like probably five times more scanners. So we were able to do this with a rather small technology investment. ...