As I travel around the country and speak to CTOs and CIOs about their hospitals’ infrastructure, implementing radio frequency identification (RFID) technology is one of the major items in everyone’s plans. While I’m always happy that RFID is taking hold in the minds of my clients, what worries me is that RFID is not yet mature enough to protect healthcare IT data, but most vendors are not telling their customers this during demos and pitches.
The security protocols used in today’s RFID systems risk compromising your infrastructure if they are not used properly (and many times even if they are used properly). When reviewing systems, make sure you ask vendors to specifically identify and review the inherent security risks of today’s RFID systems. I’ve seen many RFPs and RFIs where security is not mentioned at all or is given less importance, so vendors who respond with proposals don’t supply enough information about vulnerabilities.
RFID is, of course, designed to bring positive changes to healthcare practice and processes, but you need to anticipate the potential threats that can arise with these (often misunderstood) changes and know the limitations of a vendor’s RFID systems.
With HIPAA and associated medical lawsuits, we have already started thinking about privacy, so just make sure to extend that analysis to confidentiality, integrity, and access to your RFID devices and data. RFID is promising lots of cost savings in the future, but if you can’t maintain your security standards with what’s available today, it’s better to wait until the RFID manufacturers are ready.