Researchers at Binghamton University, State University of New York in the US have developed a way to securely gain access to electronic health records (EHRs) using the patient’s own heartbeat.
The researchers believe that using ECG-based authentication to access EHRs could not only be more secure but also a cheaper alternative to traditional security measures like cryptography or encryption.
“The cost and complexity of traditional encryption solutions prevent them being directly applied to telemedicine or mobile healthcare. Those systems are gradually replacing clinic-cantered healthcare, and we wanted to find a unique solution to protect sensitive personal health data with something simple, available and cost-effective,” said Assistant Professor in the Department of Electrical and Computer Engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, Zhanpeng Jin.
“The ECG signal is one of the most important and common physiological parameters collected and analysed to understand a patient’s’ health. While ECG signals are collected for clinical diagnosis and transmitted through networks to EHRs, we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be enhanced while minimum cost will be added,” continued Jin.
The ECG identification scheme is based on previous work done by Jin that focused on using a person’s unique brainprint instead of traditional passwords for access to computers and buildings combined with cyber-security work from his colleagues, Assistant Professor, Linke Guo, and Associate Professor, Yu Chen.
Since an ECG can change due to age, illness or injury, the researchers are currently working out ways to incorporate those variables.
“This research will be very helpful and significant for next-generation secure, personalised healthcare,” said Jin.
The aforementioned researchers along with PhD candidates Pei Huang and Borui Li, recently co-authored a paper about their work titled: ‘A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems.’
The researcher’s work is supported by Binghamton University’s Interdisciplinary Collaboration Grant (ICG) programme.