Researchers review ethical issues in authentication of patients in medicine using online system

Osaka University-led researchers review ethical issues regarding authentication of participants and patients in medical research/treatment using information and communication technology (ICT), proposing two-factor authentication

With the increase in data volume and dissemination of ICT, online system is being applied to medical research/treatment with high expectations. Not only exchange of research data, but also various modes of communication, including the informed consent process, are being promoted, and it is anticipated that individuals will proactively participate in research by their own volition, forming partnerships between researchers and participants.

At the same time, in order for individuals to participate in medical research/treatment without anxiety, ethical, legal, and social issues (ELSI) associated with the implementation of electronic methods for medical research/treatment should be addressed in earnest. However, research on authentication systems have mostly been performed from a technical perspective, so ethical issues, such as proof of user intent, have not yet been fully discussed.

In this study, the researchers pointed out that authentication systems for medical research/treatment need not only to prevent impersonation, but also to prove intent of research participants and patients.

The researchers discussed authentication by separating "authentication at the time of registration" and "authentication at the time of login". Focusing on the latter, the researchers clarified roles and set out methods of authentication. They discussed problems in current authentication systems from the ethical viewpoints of (1) respect for autonomy, (2) privacy protection, and (3) establishing a relationship of trust. Their research results were published in Frontiers in Genetics.

Lead author Atsushi Kogetsu said, "After much consideration, we proposed two-factor authentication as a workable solution, in which authentication is performed again using a one-off password after authentication via user ID and password. Some ICT specialists had proposed three-factor authentication, including biometrics, but we thought that biometrics had its own challenges and that current three-factor authentication might be cumbersome for users. Based on that, we also proposed the possibility of the necessity of biometrics and its requirements."

This group's achievements will contribute to building systems for medical research/ treatment in which individuals can participate free of anxiety. The research results will become a basis for discussion for ELSI not only about medical research/treatment using ICT, but also about ICT itself in various fields.