September 14, 2005

Privacy protection in healthcare industry

Inspite of all the potential benefits that RFID offers, it may be a little difficult for the technology to gain complete acceptance in the healthcare segment if it does not address the privacy concerns of the citizens.  This is because a patient's medical data is highly sensitive information and the new technology has to win over the confidence of the patients.

RFID chips are embedded in a person's body with his consent. The chips carry nothing more than a unique identification number, which can be used to access the patient's records in a database via a web-based application. The major concern is of illegal access to the database that contains the medical history of the patient. If such an incident occurs, it may lead to alteration, theft, or unauthorized disclosure of the data.

Even though RFID is a new technology, privacy concerns are more or less the same as they would be for another technology. This means that there are already several statutory regulations like the HIPPA and the Fair Information Practices that can be used as a reference for instituting a code of conduct with respect to RFID. The code could cover the following points:

  • Prior information: Patients need to be appraised beforehand of the data management practices of the healthcentre including the type of data collected, its uses, and security policies adopted to safeguard data.
  • Consent of the patient: The hospital/healthcare center can disclose information only in a manner that the patient agrees with.
  • Review capability: The patient should be able to check the data gathered and contest its veracity.
  • Standards of data security: There would have to be certain minimum requisites with respect to data security and integrity that would provide protection against illegal alteration, destruction, and access of data.
  • Accountability standards: The code will enumerate stringent standards for accountability, enforcement, and redress.
  • Data retaining and chip disengaging: Patients need to be made aware of the steps involved in deactivating the chip and demanding the erasure of the data stored in the RFID-enabled chip.

--
Did you enjoy this post?

September 14, 2005 in Standards | Permalink

Free RFID Newsletter

Subscribe to The RFID Gazetteer, published monthly. Enter your email address:

« Learning from the early adopters | Main | IBM Seeks to Standardize RFID »