Heartbeat-Based Encryption May be the Future of Electronic Health Record Security

Researchers are currently working to use patient heartbeats as a way to unlock their electronic health records (EHRs). This unconventional method would use the heart’s specific electrical pattern as an encryption key to access a patient’s medical information, according to a study conducted at Binghamton University.

"The cost and complexity of traditional encryption solutions prevent them being directly applied to telemedicine or mobile healthcare," said co-author of the study Zhanpeng Jin, PhD. “Those systems are gradually replacing clinic-centered healthcare, and we wanted to find a unique solution to protect sensitive personal health data with something simple, available and cost-effective.”

Standard security measures­ ―such as cryptography or encryption­ ― are expensive, time-consuming, and require computation. These methods also may leave patient information vulnerable to cyberhackers, who have mastered the skills necessary to break into these records.

The new proposed method would encrypt patient data using patients’ electrocardiograph (ECG) as a unique key to gain access to their records.

"The ECG signal is one of the most important and common physiological parameters collected and analyzed to understand a patient's health," Dr Jin said. "While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be enhanced while minimum cost will be added."

In simple terms, a patient’s heartbeat would become the password to their EHRs, which contains a multitude of different information. According to the US Centers of Medicare and Medicaid Services, EHRs may contain demographics, notes, problems, medications the patient is taking, vital signs, medical history, immunization records, laboratory data, and radiology reports.

While this information can greatly improve the care a patient receives, traditional encryption methods have resulted in health insurers and hospitals becoming the victim of cyberattacks where patient information is compromised.

This new ECG-based password system is a combination of previous research conducted by the team of investigators related to using a person’s “brainprint” to access computers, buildings, and cybersecurity work, according to the study.

"This research will be very helpful and significant for next-generation secure, personalized healthcare," Dr Jin said.

However, a patients’ ECG can change at any point in time due to age, illness, or injury, and they may prefer an alternative way to access their information. The researchers are currently working on methods that incorporate changes or patient preferences into their system, the study concluded.