Recent developments in privacy and healthcare: Different paths for RFID in Europe and North America?
Faculty of Computing, Health and Science
School of Computer and Security Science / Security Research Centre (secAU)
This paper traces the impact of six major RFID-relevant events in Europe since May 2009. It outlines the findings relevant to RFID and privacy in healthcare as published in the June 2009 RAND report and relates them to subsequent developments including the explicit inclusion in November 2009 of RFID in the E-Privacy Directive of 2002. The paper focuses on the process of implementation of the European Commission’s May 2009 Recommendation of Privacy and RFID and especially the implications for healthcare providers in the form of the new requirement (in Europe) for Privacy Impact Assessments (PIAs). The paper indicates three main areas of concern highlighted by the July 2010 Opinion of the EU’s Art 29 Working Party which may be relevant to healthcare providers considering deployment of RFID. Following a comparison with the situation obtaining in North America, the paper concludes that PIAs will form part of the likely scenario for legal requirements or at the very least impact the actual design of RFID deployed in the healthcare sector in both Europe and North America.