“To offer an additional layer of protection, the health care industry should consider a code of conduct for entities that maintain or permit access to medical data associated with an RFID network. The Fair Information Practice principles and HIPAA’s Privacy and Security Rules offer excellent guidance in developing such a code. Ideally, the code would include the following:”
- “A notice provision.”
- “The ability to amend data.”
- “Assurance of data integrity and security.”
- “Instruction on data retention and chip deactivation.”
- “Reliable accountability and enforcement.”
These guidelines resemble the EU’s privacy mandates and speak to the need for broad privacy protections in the US.