Today biometrics are known as one of the measures for secure access and often used as a part of even more secure layered authentication. Authentication through fingerprints, facial recognition, or iris scans are used to give access for example to buildings, cars, mobile devices, or data. When it comes to collecting sensitive health information through medical devices and wearables, experts from engineering and technology associations such as IEEE propose to use biometric authentication to secure the access and usage . Additional advantage would be that a smart device recognizes the user and can adapt the service profile just like the latest generation of cars can identify the driver though biometric recognition and adapt seat and airbag positions for safety, allow access to personal information though the infotainment system, etc.
On the downside, biometrics and also biosignals such as ECG could also be misused. Collecting medical data for longer periods of time can create information profiles that can be used to identify a person. This might sound like science fiction but there are several studies of ECG profiles being used for identification . Taking this a step further: according to a report in the MIT Technology Review, the Pentagon is already testing a laser that can identify people by their heartbeat . Other techniques such as gait analysis, which identifies someone by the way he or she walks, have been used in trying to identify infamous terrorists before a drone strike. But gaits, like faces, are not always distinctive enough for a secure identification. An individual's cardiac signature however is unique, like an iris or fingerprint. And while there are undoubtedly legitimate scenarios to use a cardiac signature as identifier there are always options to misuse this information. This brings us back to the reasoning why medical data needs to be treated with the highest security standards.