ic, financial, and medical history data they contain. Thankfully,
privacy and security measures for health records have long been
established. Covered entities that bill electronically are bound
by HIPAA privacy and security rules. According to a Business
Law Today article, “Biometrics are considered protected health
information (PHI) under HIPAA. Biometrics are considered a
patient identifier and must be removed from PHI when releasing de-identified information. Facial recognition opens a new
area for temptation where an organization’s staff might use the
According to the report published by Georgetown University’s
Center on Privacy and Technology, “Currently state and local
government agencies can conduct searches of their image data-
bases without any safeguards in place.”
5 People’s First or Fourth
Amendment rights need to be considered in this situation. The
article notes, “There is no state requirement for reasonable sus-
picion to warrant conducting facial searches. Periodic facial
recognition system auditing is not required.”
While the Federal Trade Commission has issued best practice
recommendations regarding use of facial recognition data, no
formal laws or rules have yet been established.
6 The Business
Law Today article discussed how some states have started to de-
velop legislation regarding biometric data and third party use.
A few states have started to develop legislation for third party
use and collection of biometric data. These include:
Collection and use of student biometric information (
California and Illinois)
Collection by the government (Missouri, Maine, and New
Collection and use of biometric information by businesses
(Illinois, Texas, Alaska, and Washington)
The public wants criminals caught, but many law-abiding
American citizens’ images (civil government workers, driver’s
license images) exist in those databases. Sensitive situations
exist where privacy is the expectation. Consider the delicate
circumstances of rape, child pornography or sexual trafficking
victims, people participating in the witness protection program,
confidential journalist sources, and domestic violence shelter
residents. In some instances, protective limitations on facial
recognition could save a life.
Lens Options and Lighting: The Challenges
As with any security system, there are those who will storm the
fortress to try to gain access to the valued contents within. Biometrics have a high rate of accuracy, but they are not infallible. The report published by Georgetown University’s Center on Privacy and
Technology notes that “Fingerprinting currently remains more
accurate than facial recognition.”
8 Algorithms are improving, however. According to Hong Kong’s Polytechnic University, a three-dimensional contactless fingerprint identification system has
been developed with an accuracy rate of approximately 97 percent
and processes fingerprints in about two seconds.
fingerprint systems avoid direct contact between the sensor and
the skin’s surface, preventing fingerprint distortion when pressed
against a hard surface. This technology would also be useful in
healthcare since it would prevent the potential to transmit disease.
Algorithms do not factor in racial differences. How accurate are
they in dealing with different races? A 2013 article featured on the
PBS NovaNext website discussed how the facial recognition algorithms used to investigate the April 15, 2013, Boston Marathon
bombing were unable to match the suspects’ faces to their names.
Both brothers were recorded in the state’s driver’s license system,
and one was in the FBI database. The brothers were identified by
publishing their photographs in the media to elicit tips from the
public. This low-tech method produced results where facial recognition had failed.
Facial images change as people age. In an article published by
the American Council on Science and Health, author Erik Lief
recommends new images be taken every four to five years.
Consider the changes seen in a collection of school photos taken over
the years. Driver’s license photos are retaken after several years.
For another example, while MasterCard uses selfies to sign into
accounts, only one faceprint is created. This biometric measurement could be lost as an identifier if that faceprint is ever compromised, or if an individual’s facial features change over time
without updating the selfie.
Images can change significantly due to changes in physical
factors such as weight gain and loss of muscle tone. Cosmetic
surgery is very common and affordable today, and also would
affect facial recognition. Rhinoplasties, rhytidectomy (face lifts),
chin and cheek implants, and brow lifts can significantly alter
facial appearance. Removal or addition of facial landmarks such
as moles and tattoos can also affect facial recognition.
These shortcomings must be noted carefully by healthcare organizations looking to use facial recognition, since misidentification of patients could cause great harm.
Focus the F-Stop: Facial Recognition Technology
Applied to Healthcare
Though it has its limitations, facial recognition technology
promises smoother and safer patient access and information
sharing in the near future. The move to increased technology,
interoperability, and national health information exchange will
lead to improved individual and population health.
The United States has long sought a workable national patient
identifier. The College of Healthcare Information Management
Executives (CHIME) began a competition called the National
Patient ID Challenge with an eye-popping $1,000,000 prize. In
November 2017, however, the challenge was suspended since
the expected results were not achieved. Most of the top contenders attempted a solution using biometric technologies.
Facial recognition can prevent medical identity theft, where
a person steals another’s health insurance, demographic, and
financial data for personal or financial gain. Identity theft can:
Involve blackmail, using sensitive data from the patient’s
medical history (HIV status, past abortion, etc.).
Cause an overlay of a thief’s medical data with the victim’s
medical data. Overlays can result in accidental treatment
errors, especially if one of the parties has an allergy.
Exhaust a patient’s health insurance limits.
Ruin a patient’s credit.
Facial recognition is also uniquely helpful in the healthcare
Smile, You’re on