Fingerprints and retinal scans are cool and all, but the cutting edge of personalized encryption may lie right between your ribs. Engineers at Binghamton University, State University of New York, have created a way to use a patient’s cardiac rhythm to encrypt their medical records. They presented their idea at the IEEE Global Communications Conference in December.

The American Recovery and Reinvestment Act of 2009 included a mandate that hospitals, doctors’ offices, and other medical providers switch from paper to electronic records. In theory, it made a lot of sense; paper records are inefficient, bulky, difficult to share among practitioners, and easy to lose. But as so many internet users have learned, it’s difficult and expensive to keep digital information private.

Zhanpeng Jin researches electrical and computer engineering at Binghamton. His team "wanted to find a unique solution to protect sensitive personal health data with something simple, available, and cost-effective,” he said in a statement.

Image Credit: Binghamton University

Jin and his colleagues were fascinated by electrocardiograph (ECG) readings, which record the rhythms of a person’s heartbeat. ECGs are part of standard patient monitoring setups, which means the data is already being recorded and attached to patient records. And because each person’s cardiac signature is unique, the researchers realized, ECG readings could serve almost like very personalized passwords.

It’s a concept as elegant as it is futuristic: re-using existing data to keep that data safe.

"This research will be very helpful and significant for next-generation secure, personalized healthcare," he said.

This is not Jin’s first foray into biometric security; his earlier work includes using “brainprints” as access codes.