RFID: A prescription for privacy
RFID has enormous potential to improve patient care and reduce
health-care costs. It’s also become a lightning rod for patient
privacy concerns. How do you move forward with this vital
Radio Frequency Identification (RFID) plays a broad and rapidly growing
role in the digital transformation of the health-care sector. But the
technology’s ability to transmit and receive data from a distance and track
the physical location—potentially without an individual’s knowledge or
consent—has also raised privacy concerns.
Is there a way for health-care providers to move forward to leverage the
enormous potential of RFID to improve quality of care and reduce costs,
yet also protect patient privacy?
The answer, according to Ontario’s Information and Privacy
Commissioner and HP Canada, is an emphatic yes.
In fact, Ann Cavoukian, Ph.D., Information and Privacy Commissioner
(IPC) of Ontario and Victor Garcia, Chief Technology Officer for HP
Canada, recently co-authored a 37-page white paper to promote
responsible adoption of RFID technology in health care.
RFID and Privacy- Guidance for Health-Care Providers explains how the
technology works; describes the ways in which it is already being used by
providers around the world; and offers expert guidance to health-care
Important and controversial
Invented more than 60 years ago as a way to distinguish friendly from
enemy aircraft in World War II, RFID is a radio-based system that
essentially still consists of a radio transmitter and read-able tag—although
with increasingly sophisticated capabilities that enable it to be used in
ever more innovative ways.
“RFID is a very important and controversial topic,” says Commissioner
Cavoukian, one of the world’s leading privacy experts. “One of the things
that we do in the white paper is to clarify and debunk many of the myths
associated with it.”
She and Victor Garcia served together on the working group for RFID and
Privacy for EPCGlobal, an industry-driven standards body for the
Electronic Product Code™ (EPC). Both were concerned that
unaddressed privacy concerns could slow realization of the considerable
health and cost benefits RFID solutions promise.
“HP is very conscious of the need for privacy as we work with the health-
care sector to apply RFID and other technologies to enhance the quality
of care,” says Garcia. “We understand the healthcare sector, and the
technology. HP has been using RFID in its operations longer than many
“When HP approached us to work on privacy issues with RFID in
healthcare, we were delighted, “says Dr. Cavoukian. A firm believer in
the role that technology can play in protecting privacy, the commissioner
was impressed by the HP commitment to privacy, its use of the
EPCGlobal logo to alert consumers to product packages with an RFID tag
and a policy of always informing individuals about RFID use.
Assess the risk
For many RFID health-care applications, there is actually very little
privacy risk, because no personally identifiable information is involved.
Some hospitals, for example, have begun using RFID-based systems to
track the equipment, instruments and sponges used in surgery to ensure
that these are not left behind inside a patient.
“People die from this,” says Dr. Cavoukian. “It is such an easy thing to
remedy. With an RFID tag on every piece of equipment, it could take a
few seconds, as compared to 20 minutes, to do an accurate inventory.”
Privacy by design
When RFID applications link to data that identifies an individual—either
directly, say, with a hospital ID bracelet, or indirectly, through a package
of prescription medicine—precautions must be taken.
The answer is to holistically and proactively assess and address privacy
and the application of technology from start to end—an approach that the
IPC calls “privacy by design” and HP refers to as “architected IT.”
Encryption, coding information, the appropriate security technology and
severing personal identifiers from transactional data are just some of the
ways privacy can be embedded in the design of an RFID solution.
It’s a mistake, however, to think of privacy only from a technological point
of view, says Garcia. “In a way, RFID has been a lightning rod for privacy
concerns, but the fact is you can walk into many nurses’ stations today
and find private patient information. In fact, RFID can enhance privacy
because information is accessible using special devices, rather than it
being just written down. So, it’s not just technology, but policy,
governance and process issues.”
Another misconception that Dr. Cavoukian’s office works hard to
overcome, is that privacy is a “zero-sum” game—in which more privacy
necessarily means less of something else. A classic example is the
argument that people must give up personal privacy in exchange for
“We couldn’t disagree with that more,” she says. “Privacy doesn’t have to
be adversarial. It can be designed into a system in a positive sum or
win/win way, in which one catalyst builds on the other. So, for example,
the more privacy you have, the more security you have—and the greater
the protection in the whole.”
Follow the personal information lifecycle
Health-care providers must also avoid the tendency to focus narrowly on
the interaction between tag and a reader. Instead, they must see RFID as
part of a larger system—and map the flow of personally identifiable
information throughout that system.
“We’ve seen it with wireless technology, with mobility, with rich media and
now, with RFID. When new technologies emerge, so do the experts,”
says Garcia. “People learn about the specific technology, but they don’t
understand all of the implications, or take the care needed to protect
“Anytime you interface with identifiable individuals and their information is
captured in any capacity, then you have privacy interests,” says Dr.
Cavoukian. “The proper governance structure is essential to control how
this information is collected, retained, used, and who has access to it.”
Develop a culture of privacy
Given the sensitivity of personal health-care information, it’s especially
important for providers to develop a culture in which privacy is top of mind
for everyone in an organization.
“Privacy starts from the top, with the Board of Directors and senior
executives. It is not just the responsibility of one group or a chief privacy
officer,” says Dr. Cavoukian. “A culture of privacy must be infused
throughout the entire organization, so that everyone understands that
protecting patient information is part of your core business.”
As RFID technology continues to develop, with the prices dropping on
ever more miniature and active tags, able to incorporate more sensors,
hold more data, and exchange information over greater distances, the
possibilities and the challenges grow.
“You can’t think you’re going to retrofit it or re-engineer privacy after the
fact,” says Dr. Cavoukian. “You have to architect it in from the start.”
To help organizations get started, the IPC and HP have worked together
to develop a Privacy Impact Assessment (PIA) for RFID in heath-care
“Our office can offer tools like PIAs, advice and training,” says Dr.
Cavoukian, “but we don’t have the resources HP does to help design and
roll out solutions.”
“We use the tool to help assess potential issues in privacy, just like we
use security, network intrusion and other assessments to identify risk—
and recommend actions that may or may not include technology,” says
RFID can save lives the co-authors agree, but only if healthcare
organizations proactively address RFID privacy concerns.
“How sad would it be if a technology that could save your life is not used
because it is misunderstood or wrongly implemented?” asks Mr. Garcia.
Download the white paper: RFID and Privacy- Guidance for Health-Care.
Visit the Ontario Information and Privacy Commissioner (IPC) website.