cannot assure patients that the personal information contained on RFID tags will be appropriately protected
I’d assumed that all that is in the tag is some kind of ID number and that all of the identity management takes place at the back end. Not that this neutralises privacy worries, but let’s get the big picture sorted out. It shouldn’t make any difference to the overall “privacy state” of the system whether I have the number on a bracelet, a tattoo or an implant, should it?
The situation with respect to patients is, in this instance, the same as the situation with respect to handbags or brake pads. All that the chip discloses is a number. What that number means can only be established by reference to some other database via some other servers (eg, the savants of the retail RFID environment). It is there that the security policies need to be established and enforced. Who is allowed to know what about the patient, for example. I wouldn’t have thought that the patient’s name was of much interest to, say, a heart monitor, so why tell it? If anything, this might be a mechanism for providing patients with more privacy, not less.
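To make the back-end point concrete, here is an added sketch (not from the original post or any real hospital system) of a resolver that turns a tag number into only those fields the requesting device's role may see. The device names, keys, roles, fields and the HMAC request signing are all assumptions made for the illustration, and the records are constructed sample data.

```python
import hashlib
import hmac

# Constructed sample data: the tag carries only the key of this table.
RECORDS = {
    "04A1B2C3": {"name": "Jane Example", "ward": "C2",
                 "allergies": ["penicillin"], "monitor_channel": 7},
}

# Hypothetical per-device secrets and roles, provisioned by the back end.
DEVICES = {
    "monitor-17": {"key": b"constructed-key-1", "role": "heart_monitor"},
    "nurse-pda-3": {"key": b"constructed-key-2", "role": "ward_nurse"},
}

# Hypothetical release policy: the fields each role may learn (default deny).
POLICY = {
    "heart_monitor": {"monitor_channel"},
    "ward_nurse": {"name", "ward", "allergies"},
}

AUDIT = []  # (device_id, tag_id, fields released) for every request


def sign(device_id, tag_id, key):
    """MAC a device computes over its request so the back end knows who asks."""
    msg = f"{device_id}|{tag_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def resolve(device_id, tag_id, mac):
    """Return only the fields the authenticated device's role may see."""
    device = DEVICES.get(device_id)
    fields = set()
    # Unknown devices and bad MACs keep the empty field set: default deny.
    if device and hmac.compare_digest(sign(device_id, tag_id, device["key"]), mac):
        fields = POLICY.get(device["role"], set())
    record = RECORDS.get(tag_id, {})
    released = {k: v for k, v in record.items() if k in fields}
    AUDIT.append((device_id, tag_id, sorted(released)))  # log denials too
    return released
```

A reader that merely skims the number off the bracelet holds no device key, so the lookup releases nothing and the attempt still lands in the audit trail.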
Just because they could pose a privacy risk doesn’t mean that we shouldn’t use them. After all, computers pose a privacy risk. As do mobile phones. As, in fact, do doctors. In fact, so does pretty much everything, which is why it’s hardly surprising that anyone looking at the topic comes to essentially the same conclusion: ie, that there is a balance between the benefits of RFID technology and the potential for misuse of the data generated. In which case, what should we do? Broadly speaking, it seems to me that it’s too soon to make any sweeping statements of strategy or policy
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public