Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.

Published byKenneth Ross Modified over 9 years ago

Similar presentations

Presentation on theme: "“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January."— Presentation transcript:

1 “Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January 2005

2 Health Care Applications for RFID 1)Label bulk products 2)Label products for patients (amber vials) 3)Identify patients - temporary (ID cards) 4)Identify patients - permanent (implant)

3 Multiple Privacy Frameworks Fair Information Practices (FIP) HIPAA Privacy Rule (2002) EPIC RFID Guidelines (2004) Common concern: collection and use of Personally Identifiable Information (PII) (Non-PII problems arise with data but they are not typically characterized as “privacy concerns”)

4 Privacy Risks with PII Data mismanagement: inaccurate, incomplete, out of date Data misuse: data used for other purposes adverse to the the interests of the data subject (employment, insurance, travel) Lack of transparency, data subject control Loss of freedom

5 HIPPA AND PII HIPPA Privacy Rule (2002) adopts multiple terms –Health Information –Individually Identifiable Health Information (IIHI) –Protected Health Information (PHI) –Patient Identified Information (PII) –Deidentified Information (DI)

6 EPIC RFID Guidelines (2004) RFID Users (no PII) –Duties: Notice, disable tags, removal, accountability –Prohibitions: Tracing, recording data, coercing collection RFID Users (with PII) –Duties: written consent and application of broad Fair Information Practices, including minimization Rights of RFID Subjects –Access and correct data, remove tags, hold accountable

7 Legislative Developments Int’l Privacy Commissioners affirm application of data protection principles and recommend deletion (2003) US state bills –Massachusetts and Maryland bills –Maryland established an RFID task force –California bill provides strong safeguards Hearings at the Federal Trade Commission (2004)

8 EPIC Recommendations on RFID for NCVHS, HHS Adopt Four Tier Approach to RFID Policy Tier 1 (bulk distribution of products): –No links to specific individuals –No collection of PII –No privacy risk –No privacy obligations

9 EPIC RFID Recommendations (cont’d) Tier 2 (product distribution to patient): –Privacy risk proportional to collection of PII. –Current privacy rules apply. –Additional rules will be necessary (EPIC RFID Guidelines)

10 EPIC RFID Recommendations (cont’d) Tier 3 (temporary identification of patients): –Current privacy rules apply. –Significant risk of identity theft –Security concerns become significant –Can context be limited?

11 EPIC RFID Recommendations (cont’d) Tier 4 (permanent identification of patients): –Coercive and profound. Far-reaching ethical implications –Privacy risk is greatest -- permanent loss of control over disclosure of actual identity –More than 1 m animals have been permanently tagged –HHS should prohibit this practice

12 EPIC RFID References Privacy and Human Rights: An International Survey of Privacy Laws and Developments 115-123 (2004) Proposed Guidelines for Use of RFID Technology (EPIC 2004) “RFID Technology: What the Future Holds for Commerce Security and the Consumer” (House Commerce Committee 2004) “RFID: Application and Implications for Consumers (FTC 2004) EPIC RFID Page, http://www.epic.org/privacy/rfid

Download ppt "“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January."

Similar presentations

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
Data privacy law in Asia-pacific -introduction to the privacy law in China (mainland China and Hong Kong) Yue Liu

Data privacy law in Asia-pacific -introduction to the privacy law in China (mainland China and Hong Kong) Yue Liu
Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.

Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.

© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.
Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,

Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,
NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.
HMIS Homeless Management Information System. MISSION To provide standardized and timely information to improve access to housing and services, and strengthen.

HMIS Homeless Management Information System. MISSION To provide standardized and timely information to improve access to housing and services, and strengthen.
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.

Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
Can the US Meet International Privacy Standards in an Era of Personal Health Records, Consumer Scores and Watch Lists? UNSW's Cyberspace Law and Policy.

Can the US Meet International Privacy Standards in an Era of Personal Health Records, Consumer Scores and Watch Lists? UNSW's Cyberspace Law and Policy.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
HIPAA COMPLIANCE FANTASTIC FOUR CASEY FORD MANINDER SINGH RANGER OLSOM Information Security in Real Business.

HIPAA COMPLIANCE FANTASTIC FOUR CASEY FORD MANINDER SINGH RANGER OLSOM Information Security in Real Business.
© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

Similar presentations

Ads by Google