INTERVIEW: Tom Evangelisti, Director, Mobile Business Development, ImageWare Systems
As part of Healthcare Biometrics Month 2017, FindBiometrics President Peter O’Neill spoke to Tom Evangelisti, Director, Mobile Business Development, ImageWare Systems. The conversation begins with talk of ImageWare’s FDA cleared pillphone mHealth app and the traditional barriers to entry in the healthcare market. The discussion then delves into topics of multi-modality, the advantages of match-on-server authentication in healthcare, the overlap between healthcare and enterprise biometrics, and much more.
ImageWare will be at the HIMSS 2017 healthcare industry conference and exhibition taking place February 19-23 in Orlando, Florida.
Peter O’Neill, President, FindBiometrics (FB): Recently ImageWare announced its partnership with American Biometric Solutions, Inc. revolving around the pillphone mHealth app. Can you explain the specific needs this app serves? Why are biometrics so integral in healthcare communications apps like this?
Tom Evangelisti, Director, Mobile Business Development, ImageWare Systems (ImageWare): Healthcare organizations are one of the most targeted sectors for data breaches. We hear about breaches into patients’ Electronic Health Records (EHR), hacks into the IT systems, patients’ personal information like SSN, home addresses being stolen, etc., almost every day. This tells us that current authentication methods are failing within today’s connected healthcare world. Strong authentication of identity is vital to protect Personal Health Information (PHI) contained within healthcare apps, networks, and devices. Two factor authentication is not enough, and a patient’s medical records simply must be protected! That’s where biometrics comes in.
Multi-modal biometrics – authenticating the user with different types of biometrics – is by far the most effective form of identity authentication: face, voice, fingerprint, eye, hand, etc. Biometrics can be used to identify medical staff, check-in patients, access clinical or medical data, or log into mobile applications. Strong traceable and reliable authentication is the key to maintaining security of sensitive personal information.
The pillphone is ImageWare’s vertical example of what biometrics can do to secure and simplify the login experience for the healthcare sector. It biometrically secures communications between health providers and patients, inside and outside of the organization’s firewall. The pillphone is an enterprise-level mobile communication application platform. As patients carry mobile devices everywhere, pillphone enables medication adherence and chronic disease management by verifying who the patient really is, using his/her physical traits (voice, face, and fingerprint).
FB: pillphone is FDA 510(k) cleared. In healthcare, standards play an important role, and it seems like that often presents a high barrier to entry for new technologies like biometrics. Do you think that’s part of why healthcare has taken a little longer to adopt biometrics en masse than other verticals like finance and fintech? What are some other challenges unique to biometrics in healthcare?
ImageWare: That’s a great question, and you are correct in that ImageWare’s pillphone is an FDA cleared application, and we are the only biometric provider that has this type of offering on the market.
Some hospitals are already exploring the use of biometrics, mainly for patient check-in. For example, when I go to my doctor, I use a palm vein to identify myself at check-in. I believe the historic reason for the healthcare industry being slow to adopt biometrics is due to perceived high cost of hardware, culture, lack of funding, and education on the use of biometrics. When you read about the data breaches that have happened in the last few years, for example, Anthem having 80 million identities stolen, it is clear that healthcare CIOs and security personnel start to realize that it is critical for them to explore biometrics. We believe biometrics is just now hitting its larger adoption phase, particularly for patients and even for physician’s access to their virtual networks.
The pillphone, combined with ImageWare’s multi-modal biometrics, can bring ultimate security with top-notch user experience for the entire mHealth ecosystem, inside and outside of the organization, whether physically or virtually.
FB: Well I think you are absolutely correct, but it is not just in healthcare and finance, it is all industries across the board. ImageWare offers biometric healthcare solutions through a service model. What sort of advantages does offering biometrics on a subscription basis bring to healthcare in particular?
ImageWare: In a nutshell, our solution is installed in minutes and has no upfront costs, so the risk of adoption is minimal. The old model required the organization to purchase physical equipment, add-on services, and yearly maintenance agreements. But when you offer a product as a service, there is no upfront capital expense. You pay as you go. You pay for value received. Also, scalability is a key criterion for any healthcare solution. The pillphone was built on top of ImageWare’s flagship product – our patented Biometric Engine. We can scale to hundreds of thousands of authentications in a single minute. Biometric Engine provides unparalleled flexibility for the user to choose their preferred type of biometric- face, voice, and/or fingerprint – to authenticate. We have always said that biometrics is “situational” – different situations require different types of biometrics. SaaS delivery, combined with situational biometrics, brings increased flexibility and added value to the healthcare industry.
FB: The subscription model is enabled in part by ImageWare’s match-on-server approach to biometrics. Is the server-side matching authentication paradigm particularly suited for the healthcare environment? How so?
ImageWare: Yes, it really is.
Security is really the number one issue all healthcare organizations are facing today, from HIPAA requirements, to data breaches, to protection of patient’s EHRs. Our back-end approach not only gives you the flexibility to authenticate across any device, it also adds another layer of security. Match-on-server lets you enroll biometrics once, and use it anywhere on any device. You do not have to re-enroll if you change or lose your device. Also, your biometric template is stored anonymously on the server, which is separate from PHI that is stored by the health organization.
ImageWare: At ImageWare, we see a lot of overlap with use cases between the healthcare and the enterprise markets. Anytime you need to verify that the right person is accessing secure records or network resources, biometrics is the best way to move forward to enhance or replace current technologies, such as passwords and (physical or soft) tokens. Using one or more biometric to identify a person, really adds that second layer of security helping to ensure that you know the correct individual is gaining access where authorized. With passwords and tokens, you can’t ensure the person’s identity.
The use cases remain very similar for both the healthcare and enterprise markets, they both need to do everything in their power to keep the bad people out, while maintaining a simple and easy to use method of identifying their patients and customers . ImageWare’s solution allows the customer to add biometric authentication within their existing workflow and they can choose the biometrics that best fit within their environment.
By allowing the use of one or more biometrics, we are helping both markets provide their end- users with a flexible, easy to use, secure biometric authentication process.
FB: That flows very nicely into my next question which has to do with multi-modal biometrics, which is a big topic and occurs within all my panels and all our webinars. It is something that always crops up and you started to mention it there favoring flexibility and end-user preference over enforcing a single authentication type. Is multi-modality becoming more important in healthcare too? If so, is it for those same reasons of flexibility and preference, or is there something special that multi-modality can bring to healthcare?
Whenever a hospital, clinic, healthcare provider, etc., reaches out to us, we typically ask them what motivated them to contact us. More often than not, they say that they are looking for a vendor who provides choices in biometric types that are flexible, easy to use, and provide a high level of accuracy. We see multi-modal biometrics particularly important to healthcare due to the nature of the industry. Multi-modal biometric deployment ensures convenient and secure patient login, and compliance with HIPAA regulations, which includes allowing only authorized persons to access EHRs, providing an audit trail from the server side, and ensuring data integrity and consistency. In today’s mobile-first world, Peter, using mobile applications for electronic prescribing, diagnosis and treatment, medication adherence, etc., requires multi-modal biometrics.
Another thing to point out here is our solution’s future-proof capability. We provide end-users the option of using any biometric combination to authenticate, not only limited to face, voice and fingerprint. As a pioneer and innovator in biometrics for decades, we truly understand this market – down the road, organizations will want to add, swap, exchange different types of biometrics, for different situations. As a matter of fact, we know that iris is already making inroads in some healthcare situations. Our patented, purposely-built Biometric Engine fully supports any biometric modalities, fulfills healthcare organization’s authentication needs, now and in the future.
FB: Well Tom, it has been a pleasure speaking with you about what is happening in healthcare. About five years ago, we picked this along with enterprise and fintech as the hot markets and it is a pleasure to speak with what we consider to be one of the leaders in the healthcare biometric market.
ImageWare: My pleasure, Peter. By the way, we will also be attending HIMSS this year and a hot topic is cybersecurity.
FB: HIMSS is February 19-23 so that is great you are going to be there for the healthcare community. Thank you again for speaking with us today.
ImageWare: Thank you Peter. We really believe biometrics can future proof the healthcare industry.