Researchers propose a method of using patients' electrocardiograph readings as a password or encryption key to access medical records. 

Heartbeat As Password

According to Computerworld, a research team at Binghamton State University in New York is studying a way to use your heart as the key to your personal data. Scientists come to the conclusion that by measuring the electrical activity of the heart it is possible to encrypt patients' health records. The research team's findings have been presented in December 2016, in Washington, at the IEEE Global Communications Conference (GLOBECOM 2016). 

The research project is based on the fundamental idea that in the future it will become possible that all patients to be outfitted with a wearable device that will collect physiological data continuously and transmit it to the patients' doctors. The system would simply reuse the data during transmission because electrocardiogram (ECG) signals are already collected for clinical diagnosis. This way it will become possible to significantly reduce the computational power and the cost needed to create an encryption key from scratch.

Zhanpeng Jin, a co-author of the paper "A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems," said that up to date have been developed many encryption techniques, but most of them rely on random key generations and some complicated arithmetic calculations. Jin added that it is not possible to apply directly those encryption techniques on the energy-hungry wearable and mobile devices. The battery can burn very quickly if those kinds of encryptions are applied on top of the mobile device's apps.

With the present state of the technology, most home computers and web servers can easily handle the processing power required for these operations. However, IoT and smart devices are not offering enough processing power in order to be able to deal with these calculations. Most of these devices end up exposing data because they can't support encryption.

According to Bleeping Computer, the high computational costs of supporting proper entropy and encryption using classic techniques can be avoided if using the ECG-based authentication and data encryption method. An ECG-based biometrics solution would be a viable solution for smart healthcare devices, simplifying the implementation details.

As soon as the patient's heartbeat is acquired, a patient's data and personal files could be immediately encrypted and managed via a central healthcare data storage server, according to researchers. A biometrics sensor could just be pressed by a doctor against a patient's skin for a few seconds and immediately access patient files. In theory, this could safeguard the data from any intruder who is not able to reproduce the user's unique ECG.

The Present State Of The Technology

The ECG encryption has also some drawbacks, according to Jin. Among the reasons why this method has not been widely adopted is the fact that it's generally more vulnerable and sensitive to variations than some other biometric measures. For example, patient's electrical activity could change depending on factors such as mental state and physical exertion. Health, age and other more permanent factors can also have an effect. 

Jin said that ECG itself cannot be used alone for a biometric authentication purpose, but as a secondary authentication, it can become a very effective way. We already have the technology necessary for ECG encryption, but its adoption will depend on patients' comfort with constantly sharing their biometrics ant their willingness to adopt wearables devices.