Article published at MIT Technology Review -
Using Patient Fingerprints to Break Down Medical Record Silos
A startup company is using encryption and fingerprint authentication to compare medical records across providers. For the over 40 million people served by the more than 300 health systems working with startup CrossChx, checking in for a doctor’s appointment is much like unlocking an iPhone. All you need is your right index finger. Touch it onto a fingerprint reader at the check-in desk, and your identity is verified. Your driver’s license can stay in your wallet.
As well as making doctor visits simpler and preventing fraud, CrossChx’s founders say that its system can eventually help free U.S. patient records from the inefficiencies and errors imposed by the usually isolated and often outdated IT systems of health-care providers.
Although the U.S. government has spent billions to encourage uptake of electronic medical records, many of the intended benefits have proved elusive. CrossChx says that it has found that 14 percent of records have serious identity errors, for example. And it is difficult for patients to compile a complete medical record and get it to a new provider, which can lead to unnecessary or ill-chosen tests and treatments.
Sean Lane, CEO and cofounder of CrossChx, says that using fingerprints to offer a strong, common identity system for health providers provides a crucial piece of plumbing needed to materialize the intended but missing benefits of electronic health records.
“Identity is the foundation you need to build to make portability and all these other grand ideas possible,” says Lane. He hopes to see patients one day have a copy of their own medical record inside a mobile app, and be able to transfer it to a new provider instantly without having to fill forms.
CrossChx is based in Columbus, Ohio, and has received $20 million in investment funding, including from Khosla Ventures, which is betting heavily that computing technology will transform health care (see “More Phones, Fewer Doctors”).
CrossChx doesn’t yet move patient medical records between providers. But providers are using the startup’s fingerprint ID and accompanying encryption software to compare records between different health systems to detect errors, without the actual data having to be disclosed.
A person’s fingerprint generates a unique ID code that’s used to find and compare records for the same person with different providers. CrossChx’s encryption is designed such that errors like typos in a person’s name or social security number can be flagged without disclosing the real data, allowing health providers to take action to fix missing information. CrossChx doesn’t store images of patient fingertips, only cryptographic codes generated from them that can’t be used to reconstruct a person’s unique fingerprint.
Niam Yaraghi, a fellow at the Brookings Institution who studies healthcare IT, says that CrossChx has made impressive progress on a longtime problem for the U.S. health system. “Providing a unique patient ID is a very significant step forward, both medically and politically,” he says. “It is an important step toward interoperability.”
Privacy concerns have blocked previous attempts on the problem, Yaraghi says. And in 1999 Congress passed legislation prohibiting the U.S. Department of Health and Human Services from spending federal funds on development of patient ID technology. Yaraghi says that the need for better patient ID technology is now even more acute, due to the fact that patient records are now commonly stolen by hackers (see “Hackers Are Homing In On Hospitals”).
Lane says that people are now much more comfortable with using fingerprints to secure data thanks to the technology appearing on smartphones. His plan is to add more features to its ID plumbing system, gradually making more and more possible with medical records.
The company has built a kind of “app store” where health providers can buy software that works with medical records secured by CrossChx’s encryption software, for example to manage waiting times. Later this year, CrossChx plans to release a mobile app for consumers where they can compile a version of their health record on their phone. Eventually, Lane says, that app will be capable of linking into CrossChx technology for health providers, allowing patients a way to control access to their own records.
However, despites CrossChx’s impressive start, Yaraghi at Brookings says the company’s quest to fix America’s blighted health records system won’t be easy. Signing up 300 providers is a good start, but not everyone is ready to abandon the traditional worries that shared ID systems pose privacy and legal risks, he says.