Mobile-focused EHR company drchrono has updated its iPad-based EHR and smartphone-based PHR so that both can be accessed with Apple's Touch ID, a security feature that was added to the latest generation of iPads and iPhones.
Touch ID allows the user of an iOS device to save his or her fingerprint to the device and sync it up with a passcode. Then, in situations where the user would normally type a passcode -- like when downloading an app or unlocking the device -- the user can simply press a fingertip to the phone's start button instead.
"With Apple's Touch ID, for the first time on a mass scale doctors and patients are logging into medical records with biometrics," drchrono COO and cofounder Daniel Kivatinos told MobiHealthNews in an email. "We have released Apple's Touch ID login to over 70,000 physicians using our iPad electronic health record (EHR) and to over 3 million patients using our iPhone personal health record, onpatient PHR. With this launch, I believe this is the largest mobile biometric medical records login push ever."
With the Touch ID integration, doctors and patients can log in with three taps -- one to get into the device, one to open the app, and one to establish identity in the app. Once the user has set up Touch ID, they don't need a passcode to access the software, something Kivatinos sees as a major breakthrough.
"I spoke about Touch ID a number of months ago. It is now a reality and changing the world," Kivatinos wrote in a blog post on the company's website. "The amazing thing about Touch ID is that people sometimes forget passwords and pin codes. This changes the game [for] touch technology in healthcare."
While the convenience factor is hard to deny, the obvious question is whether the authentication method will pass muster with HIPAA. After all, researchers have shown that Touch ID can be hacked using little more than Elmer's Glue, given a sufficiently clear fingerprint to work off of. Whether that's easier or harder than learning a password is a subjective question, but when Touch ID -- and Touch ID alone -- is used to protect something as sensitive as medical records, it's one worth asking.
In a 2006 document, HIPAA's guidelines for device security actually include the suggestion to "Consider the use of biometrics, such as fingerprint readers, on portable devices" right alongside the more standard suggestion to "Password protect all portable or remote devices that store EPHI [electronic patient health information]."
For his part, Kivatinos believes biometrics are much more secure than a password, and that the new measure does meet the standards for HIPAA compliance.
"The goal of HIPAA is to protect a patient's information when given to third parties, doctors and others. Apple's Touch ID is a great alternative to a standard password. With biometrics, it is impossible to 'guess' someone's fingerprint," he wrote. "Ask yourself this question as a patient, do you remember your personal health record password? If you don't remember it, you can now tap your iPhone to get into your health record. Sometimes patients forget passwords during emergencies and with a biometric login, a patient can simply tap and log into their health record. This will help save lives."