[Med-privacy] RFID
Peter Marshall
pwm@comcast.net
Fri, 16 Sep 2005 13:11:31 -0700
September 14, 2005
Privacy protection in healthcare industry
In spite of all the potential benefits that RFID offers, it may be a little difficult for the technology to gain complete acceptance in the healthcare segment if it does not address the privacy concerns of the citizens. This is because a patient's medical data is highly sensitive information and the new technology has to win over the confidence of the patients.
RFID chips are embedded in a person's body with his consent. The chips carry nothing more than a unique identification number, which can be used to access the patient's records in a database via a web-based application. The major concern is illegal access to the database that contains the medical history of the patient. If such an incident occurs, it may lead to alteration, theft, or unauthorized disclosure of the data.
Even though RFID is a new technology, privacy concerns are more or less the same as they would be for another technology. This means that there are already several statutory regulations like HIPAA and the Fair Information Practices that can be used as a reference for instituting a code of conduct with respect to RFID. The code could cover the following points:
• Prior information: Patients need to be apprised beforehand of the data management practices of the health centre, including the type of data collected, its uses, and security policies adopted to safeguard data.
• Consent of the patient: The hospital/healthcare center can disclose information only in a manner that the patient agrees with.
• Review capability: The patient should be able to check the data gathered and contest its veracity.
• Standards of data security: There would have to be certain minimum requisites with respect to data security and integrity that would provide protection against illegal alteration, destruction, and access of data.
• Accountability standards: The code will enumerate stringent standards for accountability, enforcement, and redress.
• Data retaining and chip disengaging: Patients need to be made aware of the steps involved in deactivating the chip and demanding the erasure of the data stored in the RFID-enabled chip.
[RFID Gazette]