Dartmouth researchers design bracelet to secure health IT systems

A bracelet designed by Dartmouth University researchers could be a breakthrough when it comes to securing information systems--notably for medical records in healthcare settings.

The bracelet would authenticate users while they are using a computer and would automatically log them out when they step away from it or when someone else steps in to use the machine, according to an announcement from the school.

"In this work, we focused on the deauthentication problem for desktop computers because we were motivated by associated problems faced by healthcare professionals in hospitals," senior study author David Kotz, a professor in Dartmouth's department of computer science, said in the announcement.

Kotz also said that it would be possible to also use the system on mobile devices, such as smartphones and tablets. Mobile devices are one of the biggest security risks for the industry.

The bracelet, known as the Zero-Effort Bilateral Recurring Authentication (ZEBRA), has a built-in accelerometer, gyroscope and radio, which enable it to record wrist movement. This prevents the system from remaining logged in when the user is nearby but not actually typing on the computer, according to the announcement.

The quick reaction of the system can stop mistakes like staff entering information into the wrong electronic medical record, and could prevent a bystander from looking at medical data at a computer left open by an authorized user.

Blair Smith, Ph.D., dean of informatics-management-technology at American Sentinel University, said that the industry has to "move beyond prevention security to proactive response technology," adding that rogue employees also have to be a concern for facilities. The ZEBRA bracelet could be the first of many devices to fight these problems.

However, other steps will need to be taken to secure systems. While many threats to security and privacy are within healthcare organizations, outside actors also take advantage of unsecure systems, like in the case of the Community Health Systems breach.

To learn more:
- read the announcement