Healthcare Information Security

Patient Privacy News

How Health Data Security Relates to Healthcare Biometrics

With the healthcare biometrics market on the rise, organizations need to ensure they have strong health data security measures in place.


By Elizabeth Snell

Increasing government initiatives for improved health data security and privacy have aided the growth of the healthcare biometrics market, according to a recent MarketsandMarkets report.

More healthcare facilities are looking to combat healthcare fraud and medical identity theft, which has also pushed organizations to turn to healthcare biometrics, report authors explained.

The healthcare biometrics market will reach $2,848.3 million by 2021, the report predicted. This is an increase from its $1,182.6 million in 2016. The market’s CAGR will be 19.2 percent in the forecast period.

North America saw the largest increase in healthcare biometrics in 2015 and will likely grow at the highest CAGR of 20.2 percent during the same time frame.

“Healthcare organizations that violate any HIPAA regulations face significant financial penalties,” report authors stated. “This changing regulatory scenario in the North American region has resulted in an upsurge in the demand for efficient security measures in order to comply with these norms.”

Healthcare biometric data is also being considered part of an individual’s “personal information” when it comes to data breaches. More states are updating their data breach notification laws and are starting to require that organizations provide proper notification should biometric data become compromised.

For example, Illinois revised its Personal Information Privacy Act in 2016. The amendments stated that health information and unique biometric data (i.e., fingerprints, retina, and iris images), as well as user names or email addresses in conjunction with passwords or security question answers, are considered personal information.

Health insurance information was also defined as “an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any medical information in an individual's health insurance application and claims history, including any appeals records.”

“An individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional, including such information provided to a website or mobile application,” is considered medical information, according to the revised legislation.

Some, though, are concerned that federal laws will eventually preempt state law when it comes to data security and privacy issues.

The National Association of Attorneys General (NAAG) wrote a letter to Congress in 2015 maintaining that states need to have the ability to enact and enforce state breach notification laws.

NAAG also noted that more states were updating their data privacy and security laws as organizations continue to collect more consumer information.

“Some states now include notification requirements for compromised biometric data, login credentials for online accounts, and medical information,” NAAG wrote. “These categories reflect the significant increase in data collection that has occurred over the past ten years and respond to consumers’ concerns about that increase.”

State data breach notification laws are essential to patient privacy, the group stressed. New or updated federal legislation must let states continue to enact and enforce the necessary protections, NAAG said.

“While many companies have become more sophisticated over time in their security practices, we still frequently encounter situations in which companies do not comply with their own security policies, ignore security warnings, neglect to apply critical software patches, and fail to take other measures to safeguard consumers’ information,” the letter read.

States are better equipped to evolve as needed to properly keep pace with the increasingly complex “data-driven economy,” the group stated.

“Many breaches are significant, but not nationwide in their scope,” NAAG said. “A better solution to the problem is for state attorneys general to also be given timely notification of breaches, as many state laws already require.”  

Healthcare organizations need to keep current on state and federal laws with regard to protecting sensitive patient data. Implementing healthcare biometric tools may benefit data security, but entities should ensure they remain compliant through the entire process.

