
“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC

Dept. of Health & Human Services, Washington, DC, 11 January 2005.


Presentation Transcript


  1. “Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg, President, EPIC. Dept. of Health & Human Services, Washington, DC, 11 January 2005

  2. Health Care Applications for RFID • Label bulk products • Label products for patients (amber vials) • Identify patients - temporary (ID cards) • Identify patients - permanent (implant)

  3. Multiple Privacy Frameworks • Fair Information Practices (FIP) • HIPAA Privacy Rule (2002) • EPIC RFID Guidelines (2004) • Common concern: collection and use of Personally Identifiable Information (PII) • (Non-PII problems arise with data but they are not typically characterized as “privacy concerns”)

  4. Privacy Risks with PII • Data mismanagement: inaccurate, incomplete, out of date • Data misuse: data used for other purposes adverse to the interests of the data subject (employment, insurance, travel) • Lack of transparency, data subject control • Loss of freedom

  5. HIPAA and PII • HIPAA Privacy Rule (2002) adopts multiple terms • Health Information • Individually Identifiable Health Information (IIHI) • Protected Health Information (PHI) • Patient Identified Information (PII) • Deidentified Information (DI)

  6. EPIC RFID Guidelines (2004) • RFID Users (no PII) • Duties: Notice, disable tags, removal, accountability • Prohibitions: Tracing, recording data, coercing collection • RFID Users (with PII) • Duties: written consent and application of broad Fair Information Practices, including minimization • Rights of RFID Subjects • Access and correct data, remove tags, hold accountable

  7. Legislative Developments • Int’l Privacy Commissioners affirm application of data protection principles and recommend deletion (2003) • US state bills • Massachusetts and Maryland bills • Maryland established an RFID task force • California bill provides strong safeguards • Hearings at the Federal Trade Commission (2004)

  8. EPIC Recommendations on RFID for NCVHS, HHS • Adopt Four Tier Approach to RFID Policy • Tier 1 (bulk distribution of products): • No links to specific individuals • No collection of PII • No privacy risk • No privacy obligations

  9. EPIC RFID Recommendations (cont’d) • Tier 2 (product distribution to patient): • Privacy risk proportional to collection of PII. • Current privacy rules apply. • Additional rules will be necessary (EPIC RFID Guidelines)

  10. EPIC RFID Recommendations (cont’d) • Tier 3 (temporary identification of patients): • Current privacy rules apply. • Significant risk of identity theft • Security concerns become significant • Can context be limited?

  11. EPIC RFID Recommendations (cont’d) • Tier 4 (permanent identification of patients): • Coercive and profound. Far-reaching ethical implications • Privacy risk is greatest -- permanent loss of control over disclosure of actual identity • More than 1 m animals have been permanently tagged • HHS should prohibit this practice

  12. EPIC RFID References • Privacy and Human Rights: An International Survey of Privacy Laws and Developments 115-123 (2004) • Proposed Guidelines for Use of RFID Technology (EPIC 2004) • “RFID Technology: What the Future Holds for Commerce Security and the Consumer” (House Commerce Committee 2004) • “RFID: Application and Implications for Consumers” (FTC 2004) • EPIC RFID Page, http://www.epic.org/privacy/rfid
