Australian Information Security Management Conference

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University, Perth, Western Australia


4th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 5th December, 2006


This paper focuses on the increasing use of electronic surveillance systems in hospitals and the apparent lack of awareness of the implications of these systems for privacy of the individual. The systems are used for identification and tracking of equipment, staff and patients. There has been little public comment or analysis of these systems with regard to privacy as their implementation has been driven by security issues. The systems that gather this information include video, smart card and more recently RFID systems. The system applications include tracking of vital equipment, labelling of blood and other samples, tracking of patients, new born babies and staff. These applications generate a vast amount of digital information that needs to be correctly secured to protect the privacy of the individual. Separately each type of information has value, but if this information were analysed together then the intelligence that can be gleaned from this could become a major threat to privacy and security. There are various standards and legislation that cover healthcare information, such as CCTV, but are these known and what are the compliance levels? RFID use is increasing in the hospital sector and this is being linked with the patient medical record as it is becoming core to treatment in some hospitals. The indications are that this will become normal practice which means that surveillance information from RFID systems will be linked much more closely to a patient’s medical record. Managers, owners and custodians of information within hospitals need to be aware of the issues and take steps to ensure that staff are fully aware and trained in information handling practices. They also need to ensure that external parties who handle surveillance information are compliant with standards and good practice.