Survey of Security Challenges in NFC and RFID for E-Health Applications

Survey of Security Challenges in NFC and RFID for E-Health Applications

Zornitza Genova Prodanoff (School of Computing, University of North Florida, Jacksonville, FL, USA), Edward L. Jones (Florida Agricultural and Mechanical University, Tallahassee, FL, USA), Hongmei Chi (Florida Agricultural and Mechanical University, Tallahassee, FL, USA), Sherif Elfayoumy (University of North Florida, Jacksonville, FL, USA) and Cynthia Cummings (University of North Florida, Jacksonville, FL, USA)
Copyright: © 2016 |Pages: 13
DOI: 10.4018/IJEHMC.2016040101


Hospitals worldwide have implemented High Frequency (HF) Radio Frequency Identification (RFID) networks for supplies tracking in ER setting, in-patient identification, surgical instrument management, and other applications. Merging of Web, Near Filed Communication (NFC), and HF RFID technologies for their combined use in e-Health applications is a logical next step due to the wide availability of NFC-enabled smartphones. This article outlines some resulting security challenges. Tags are often compliant with multiple standards that operate in the same frequency range. For example, HF RFID tags have already been adopted for in-patient tracking, yet smartphone NFC reader apps can freely access data on those tags. While tag– or session–centered security protocols exist for some RFID standards (e.g. ISO/IEC 29167), no ISO security standard is currently available for HF RFID tags. In such systems, proper traffic characterization can lead to better understanding of operation under “normal” system state conditions and could potentially help to identify security breaches.
Article Preview


The financial and other benefits of Radio Frequency Identification (RFID) and Near Field Communication (NFC) applications in e-Health have already been shown to be significant (Akematsu & Tsuji, 2009). As those technologies continue to gain market popularity, some related studied on their security for adoption in e-Health applications have already been published (Lahtela et al., 2008; Marcus et al., 2009; Sethia et al., 2014; Dunnebeil et al., 2011). Figure 1 represents the traditional view of an RFID-based e-Health system, where RFID readers are connected to a database via some implementation of an intermediate terminal (Yao et al., 2012). Middleware that is connected to RFID readers is used for background processing of information associated with tagged objects.

Figure 1.

Traditional view of an RFID-based e-Health system (Yao et al., 2012)

E-Health Systems Comprise of Multiple Subsystems that Implement RFID Technology

Patient tracking and identification and drug administration are the most widely used implementations of RFID technology (13%, 11%, and 12% of all e-Health applications, respectively) (Yao et al., 2012). However, equipment and asset tracking, temperature and chemical sensing, data collection and other implementations for e-Health exist.

Supported in Part by the State of Florida FC2 Center

Organizations such as the American National Standards Institute (ANSI) and the Health Industry Business Communications Council (HIBCC) have recently recommended high frequency (HF) RFID for item level tracking in hospitals because of interference with medical devices in the ultra-high frequency (UHF) range. For example, Saint Joseph's Hospital, a 410-bed facility located in Atlanta, GA, uses HF RFID technology and a Web-based information system for inventory control of high-cost medical devices valued at $2 million in its cardiac catheterization and electrophysiology units (Stepps, 2015). Chang-Gung Memorial Hospital (CGMH) in Taipei, Taiwan, has implemented since 2007 HF RFID wristbands for patients in its surgical and neonatal units (Bacheldor, 2014). Tracking patients with pneumonia by using NFC tagging has been implemented in Karachi, Pakistan (Patil et al., 2014). NFC tags are already used to reduce the risks of administering in-patient medications (Lahtela et al., 2008). A Czech hospital uses HF RFID to track Chemotherapy Drugs (Wessel, 2015). Those are just a few of the available examples.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2019): 1 Released, 3 Forthcoming
Volume 9: 4 Issues (2018)
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing