The biometrics industry, which produces technologies to identify people by their natural biological features, such as fingerprints, the patterns in the eye's iris, and facial characteristics is sensing the chance to break out of high-tech security doors and enter the mainstream of daily life.

One of its biggest opportunities is in the field of healthcare. Before long we may all use fingerprint scanners to look at our medical files online. The files will be accessible anywhere, which means that they will always be available - vital if you find yourself in an emergency away from home - and up-to-date since there should be only a single, comprehensive copy of your online file.

The internet also promises to revolutionise the provision of healthcare services - enabling teleconsulting and the sharing of knowledge and medical expertise, through more efficient and cost-effective administration, and allowing patients to find information for themselves, or to get advice without coming to the surgery or hospital.

People will enjoy having instantaneous access to their medical records from any web browser, but will be concerned about privacy with the information being available on the internet, fearing embarrassment or difficulties - including potentially negative effects on their employment and promotion prospects, or on their ability to obtain mortgages or insurance.

US penalties

In the US, the health industry needs not only to gain patients' trust in their security systems to realise the benefits, it needs to show due diligence to avoid extensive penalties of between $50,000 and $250,000 for improper or negligent disclosure of information. The principles were set out in the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and the final rules and penalty levels were set by outgoing President Clinton in December. US health companies now have two years to comply fully.

For the healthcare industry, there is a tension between the e-business opportunities and the liabilities of ensuring privacy. Bruce Peck, information security manager at St Vincent Hospitals and Healthcare Services in Indianapolis, Indiana, explains: "Like most healthcare organisations today, we struggle with the increased need to provide electronic clinical information in a time when there is increased scrutiny over privacy and confidentiality. Our goal is to implement effective access controls, while still ensuring that authorised care givers have fast, easy access to critical patient information." The hospital is relying on Computer Associates to meet its obligations under HIPAA.

Keyware, the Belgian/US-based biometrics supplier, was commissioned by the Belgian government to develop a smartcard that identifies citizens by their fingerprints which are encoded on the card. Francis Declercq, Keyware's chief executive, says the cards were issued to all citizens in 1999 and can be used in pharmacies to authorise discounts on prescriptions. In the future, the actual prescriptions may be made out on the cards instead of on paper.

Keyware is now focused on the US opportunity afforded by HIPAA. It has set up eMedicalFiles.com - one of a number of companies aiming to fulfil the US government's goal of providing a unique medical file for every US citizen. Its first customer, a large health insurance company, is due to be announced this quarter, and the company is expecting to have several thousand users by the year end. It will take two to three years before all customers will be using the cards.

In addition to ensuring patient privacy, biometrics are being pitched to ensure physical security in hospitals, for example to control access to wards and maternity units. Airedale NHS Trust in north east England is using fingerprints to provide authorised access to medical research in its library. In the future, biometrics might also be used to counter fraud by better authenticating the identity of health insurance claimants.

Developers of fingerprint-based technologies, however, do not have the field to themselves. Joseph Atick, md cf,kb,9.5 chief executive of New Jersey-based Visionics, a leading company in the development of facial recognition techniques, sees a significant opportunity for its technology in the health industry.

"Doctors need simplicity," he says. "They don't want to have to take their gloves off to use a fingerprint scanner every time they need to access information."

Dr Atick sees a role for other biometric technologies in conjunction with facial recognition. This is known as a layered approach in the biometrics industry and is used typically to increase security, or allow more tolerance to real-world noisy environments without compromising security.

He suggests that a combination of fingerprint and iris scan could be used at the beginning of the day to ensure a strong level of security. Thereafter, facial recognition could be used each time the system is accessed to ensure the person using the system to access information is the same one who originally logged on.

"This function of continuous monitoring - which is only achievable though facial recognition - was originally identified by security agencies as essential in ensuring that only authorised people are able to access a system," says Dr Atick.

There is some debate over whether biometrics will represent a costly overhead, or provide cost savings. A Gartner Group survey concluded that complying with HIPAA would cost the healthcare industry three times as much as fixing the Year 2000 (Y2K) computer problem.

However, unlike Y2K, greater online access to information will provide efficiencies through new forms of service provision and cost savings. US Administration officials, reportedly, have calculated that compliance with the HIPAA regulations will cost more than $17bn over ten years.

Meanwhile, the online availability of standardised medical billing records - also demanded by related regulations - is projected to save the industry nearly $30bn in administration costs.