A team of health researchers has a come up with a unique way to protect against unwarranted access to electronic health records—use the patient’s heart beat.

Traditional security measures—like cryptography or encryption—can be expensive, time-consuming, and computing-intensive, say researchers at Binghamton University, State University of New York. As an alternative, Binghamton researchers encrypted patient data using a person’s unique electrocardiograph (ECG)—a measurement of the electrical activity of the heart measured by a biosensor attached to the skin—as the key to lock and unlock the files.

The data would be collected from a wearable device such as a web-enabled heart rate monitored or when a patient undergoes an ECG. The unique heart rhythms of each patient would first be uploaded to their individual electronic health record and each rhythm would be used a unique access code.

“The cost and complexity of traditional encryption solutions prevent them being directly applied to telemedicine or mobile healthcare,” says Zhanpeng Jin, assistant professor in the department of electrical and computer engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. “Those systems are gradually replacing clinic-centered healthcare, and we wanted to find a unique solution to protect sensitive personal health data with something simple, available and cost-effective.”

Essentially, the patient’s heartbeat is the password to access their electronic health records, Jin says. The identification scheme is a combination of previous work by Binghamton University using a person’s unique brain patterns instead of traditional passwords for access to computers and buildings.

“The ECG signal is one of the most important and common physiological parameters collected and analyzed to understand a patient’s health,” Jin says. “While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be enhanced while minimum cost will be added.”

Since an ECG may change due to age, illness or injury—or a patient may just want to change how their records are accessed—researchers are currently working out ways to incorporate different variables, Jin says.