RFID is good for many things but increasing security is not one of them

As I travel around the country and speak to CTOs and CIOs about their hospitals infrastructure, implementing radio frequency identification (RFID) technology is one of the major items in everyone’s plans. While I’m always happy that RFID is taking hold in the minds of my clients, what worries me is that RFID is not mature enough yet to protect healthcare IT data but most vendors are not telling their customers during demos and pitches.

The security protocols used in today’s RFID systems risk compromising your infrastructure if they are not used properly (and many times even if they are used properly). When reviewing systems you need to make sure you ask vendors to specifically identify and review the inherent security risks of today’s RFID systems. I’ve seen many RFPs and RFIs where security is not mentioned at all or is given less importance so vendors who respond with proposals don’t supply enough information about vulnerabilities.

RFID is of course designed to bring positive changes to healthcare practice and processes but you need to anticipate the potential threats that can arise with these (often misunderstood) new changes and know the limitations of a vendor’s RFID systems.

With HIPAA and associated medical lawsuits we have already started thinking about privacy so just make sure to extend that analysis to think about confidentiality, integrity, and access to your RFID devices and data. RFID is promising lots of cost savings in the future but if you can’t maintain your security standards with what’s available today it’s better to wait until the RFID manufacturers are ready.

Newsletter Sign Up

One thought on “RFID is good for many things but increasing security is not one of them

  1. Colin Jervis of the FutureHealthIT blog on the other side of the Pond posted on the same subject recently, with some good examples of how things can go wrong – “RFID – Is the Tag Tipping?” (http://www.futurehealthit.com/2006/08/rfid_is_the_tag_tipping_1.html). His ideas are very much in line with yours. I posted similar concerns last week in my “Upgrade Your Baby” post (http://hunscher.typepad.com/futurehit/2006/08/upgrade_your_ba.html).

    It seems like this is another technology that has been over-hyped. It clearly has its uses, but it’s not clear yet just what uses are most practical and safe in the healthcare arena. It has concerned me for a while, and it’s good to see so many health IT pundits share that concern.

Add Comment