March 16, 2009
Is RFID Technology Too Nosy?
By Lindsey Getz
For The Record
Vol. 21 No. 6 P. 20
There are a lot of good reasons why healthcare organizations should implement RFID technology, but privacy and security issues raise debate about its worthiness.
Well established in the business world as a means of tracking inventory or as a key component in employee security cards, radio-frequency identification (RFID) technology has been on the market for decades. However, only recently has it begun to show up in other areas of everyday life. RFID technology can now be used to track pets, monitor vehicle traffic, or even follow pharmaceuticals to prevent counterfeiting.
And it has been rapidly gaining interest for its potential applications in the healthcare industry. The technology is being considered not only to track equipment or data but people, too. It can be used to track hospital patients or even remotely monitor patients from their homes. However, it is these types of applications that have caused some to denounce it as a “Big Brother” surveillance tool.
There are certainly a lot of useful ways that RFID technology could be integrated into healthcare operations, but concerns about privacy and security have continued to linger. And these aren’t issues that have eluded the rest of the world either. When Nike and iPod first released their joint Sport Kit, which allowed runners to track statistics such as time, distance, and calories burned, privacy concerns were also voiced. Fueling the fire was a demonstration in which University of Washington researchers showed that they were able to create a surveillance system that could track people through the Sport Kits. Although the RFID chips provide no personal identifying information, they could still be used as a means of surveillance to keep track of people’s whereabouts—and that had a lot of people questioning whether that was a fair trade-off.
Keeping track of inanimate objects, such as hospital medical devices and property, through the use of RFID technology isn’t quite as controversial on the privacy front. Hospitals often have a difficult time keeping tabs on equipment such as pumps, IV stands, and defibrillators. RFID can help because it essentially works like a GPS system, showing hospital staff where to find what they’re looking for. A small tag or device is placed on the equipment and emits a radio wave that can be read by the hospital’s network of receivers. The location of the equipment then shows up on the network.
The benefits of tracking medical equipment are plentiful. Knowing where a particular machine is located ensures that it is readily accessible when needed. It also reduces the possibility of it being lost or stolen. And easy access can even keep daily operations flowing smoothly.
“Just being able to find your assets quickly provides a hard dollar return on investment,” says Matt Perkins, chief technology officer of Awarepoint, a company offering RFID asset tracking and real-time location system solutions for the healthcare industry. “For example, if a pump is needed and the hospital has made use of RFID technology, an Internet browser would pop up and indicate where the nearest unused pump could be located. Because hospitals can’t literally keep an eye on equipment that is constantly moving around, this is a way to provide visibility to all their assets. They will no longer have any shortage of equipment, and they’ll also know where things are located.”
Perkins adds that implementing RFID can also reduce the need or cost of rentals. “A lot of equipment has to be rented to keep up with the hospital’s needs, but it may be unnecessary,” he explains. “For instance, if the nurses report they don’t have enough fluid pumps, they’ll just do a quick rental, but they may already have pumps available that they simply couldn’t locate. Another issue involved with rentals is that they’ll keep the rented pump around for longer than needed because they’ll forget they have it or it, too, becomes lost. Both situations are costly, and RFID technology could have prevented them from happening.”
Keeping track of patient data or records using RFID technology can also be useful and even prevent errors. Hospitals often deal with errors associated with incorrect identification, says Rajit Gadh, PhD, a professor and the director of UCLA’s Wireless Internet for Mobile Enterprise Consortium, whose lab has been developing various healthcare applications for RFID technology. Gadh refers to a report from the Institute of Medicine that found the cost of medical errors, including the expense of additional care necessitated by the errors, disability, and lost income and household productivity, to be between $17 billion and $29 billion each year for hospitals nationwide. “I believe that RFID can be a key enabling technology in helping drive down preventable errors,” he says.
Gadh offers a potential scenario in which RFID could prevent a crucial mistake. “If a non–English-speaking patient comes to the radiology department of a hospital and shares the similar name of a fellow patient, x-rays could get switched, and there could be an incorrect diagnosis,” he says. “But you could use RFID to track the x-ray plates and the patients themselves. As the patient and the x-ray plates move around the hospital, it becomes easy to keep track of them and ensure the correct data is attached to the correct patient.”
Using RFID technology to track patients’ whereabouts for their own safety, as well as to limit the hospital’s liability, is also a consideration. “Alzheimer’s patients are prone to wandering, so this technology can be used to keep an extra eye out on them,” says Perkins. “You can make sure they haven’t wandered into an area where they shouldn’t be. It’s really a way to keep them safe.”
Similarly, Gadh says his lab has been developing PediaTrak, a technology that would track newborns in a hospital’s nursery. “If there were any unauthorized movement, like the baby heading toward a door when it should not be, then the hospital could quickly locate the situation and deal with it,” he says.
In addition to monitoring patient movement, some RFID enthusiasts say that tracking employees could add to the technology’s attractiveness. For example, RFID applications could allow healthcare organizations to locate the whereabouts of doctors during an emergency. Perkins also says that the data collected from RFID tracking could actually prove that a particular hospital is understaffed in certain departments or that staff in certain areas are being overworked. “It’s a great way to prove what’s really happening instead of just making the claim,” he says. “So it ends up being a positive thing.”
Not necessarily, according to privacy advocates, who say it is this type of use—where people are being tagged and tracked for surveillance—that raises flags. They argue RFID is ideal for tracking inventory or perhaps pets but that when it starts monitoring the movements of human beings, a line has been crossed.
“With each new technology that becomes more and more invasive, I’d argue that anyone concerned with issues of privacy needs to push for stronger privacy rights,” says Sue A. Blevins, founder and president of the Institute for Health Freedom. “This chip of technology changes the issues dramatically because it’s no longer just data about the patient that’s being tracked but also the patient’s actual whereabouts. It adds a greater level of concern.”
However, Gadh says a randomized ID number placed on the RFID tag should alleviate privacy concerns. Under this premise, the randomly assigned number is meaningless to anyone who doesn’t have access to the hospital’s database. “Privacy issues are alleviated because the person reading the tag would have to get past a firewall to log on to the database and interpret the information,” he says. “And only with proper authorization and HIPAA compliance would that information be released to anyone else.”
However, this would require that institutions work to set their own guidelines to ensure that employees—especially those with access to the database—are acting ethically, says Blevins. This is generally a bigger concern with high-profile patients. For example, Cedars-Sinai Medical Center recently told the Los Angeles Times that approximately three or four workers are terminated annually for trying to peek at patients’ records.
But even for the average patient, there are frequent news stories of patient data being stolen or compromised. Last year, The Wall Street Journal reported that nearly 50,000 patient records had been breached at NewYork-Presbyterian Hospital/Weill Cornell Medical Center. And last summer, the FBI reported investigating a theft of medical records at Grady Memorial Hospital in Atlanta.
“Stealing paper hospital charts was not easy to do in the past,” says Blevins. “I can remember working as a nurse, years ago, and paper hospital charts were stored on a rack where many physicians and nurses could access them. But I don’t recall ever hearing of a stolen hospital chart where I worked. However, moving those charts online could make it easier for hospital records to be stolen if strong security measures and privacy rights are not in place.”
Additionally, privacy rights are essential to gaining a patient’s trust, adds Blevins. “Trust really matters,” she says. “Polls have shown that if a patient does not trust their privacy will really be protected, they will not be as forthcoming with information. That’s a concern not only on the individual patient level but also because studies are often based on patients giving their own medical history or describing symptoms. In the end, if privacy rights are not upheld, quality data won’t be obtained and the quality of healthcare and research could suffer as a result.”
While these privacy and security concerns are real, it seems most institutions are still strongly interested in adopting RFID technology in one form or another. A study recently conducted by BearingPoint and the National Alliance for Health Information Technology found that nearly three quarters of healthcare organizations plan to invest in RFID technology during the next two years. As they transition toward adoption, hospitals will also have to work toward establishing their own set of regulations and guidelines to keep the technology strictly controlled. It may have some people anxious about a possible slippery slope, but it seems inevitable that the technology will be widespread throughout the healthcare industry.
— Lindsey Getz is a freelance writer based in Royersford, Pa.