VeriChip Corporation Testimony to the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics (NCVHS) regarding the Privacy Issues Raised by the Use of RFID Technology in Healthcare Settings Especially in the Context of the NHII
January 11, 2005
Richard Seelig, MD
Vice President, Medical Applications
Delray Beach, Florida
My name is Doctor Richard Seelig , Vice President for Medical Applications, VeriChip Corporation, with offices in Delray Beach, Florida.
I would like to thank the Committee on Vital and Health Statistics for the opportunity to participate in this Hearing regarding the privacy implications of RFID technology and we commend your efforts to maintain a sensitivity to the complex interaction between the need to know critical healthcare information and the maintenance of the privacy of that information.
Prior to my comments I would like to read a paragraph from the Executive Summary of the Information for Health: A Strategy for Building the National Health Information Infrastructure Report and Recommendations from the National Committee on Vital and Health Statistics Washington, D. C., November 15, 2001:
“ An overarching principle applies to all the elements mentioned above. It is critically important that the NHII vision and its embodiment be large enough to accommodate major changes in the future. The NHII is by its nature dynamic; every one of the elements listed above will evolve, just as the content of information and knowledge will change. All of the entities contributing to the NHII must therefore think big — especially the Federal Government in its leadership role. In order to coordinate stakeholders appropriately and see that everyone can benefit from the evolving information infrastructure, HHS must craft a national health information policy that is broad and flexible enough to encourage and channel — rather than inhibit — positive change. “
Your Committee is to be commended for its vision, foresight and perseverance in moving forward this important aspect of healthcare services.
My responsibilities include the development and implementation of medical applications specific to the VeriChip technology. I am a board certified surgeon affiliated with Applied Digital Solutions and its business units since 1999. Before joining Applied Digital I practiced in Morris County, New Jersey for twenty years. In addition to my clinical practice, I was a consultant to the United States Surgical Corporation and Davis+Geck in the areas of minimally invasive surgery and new product development. I received a BS degree from the George Washington University, and an MD degree from the University of Medicine and Dentistry of New Jersey, where I am a clinical assistant professor of surgery. On September 16, 2001 I implanted myself with 2 RFID microchips initiating the implementation of the VeriChip technology.
About the Company
Initially I would like to provide a brief description of the VeriChip Corporation. VeriChip Corporation is a wholly owned subsidiary of Applied Digital Solutions.
Applied Digital as its mission develops through multiple business units innovative security products for consumer, commercial, and government sectors worldwide. Unique and often proprietary products within these business units provides security for people, animals, the food supply, government/military arena, and commercial assets. Included in this diversified product line are RFID applications, end-to-end food safety systems, GPS/Satellite communications, and telecomm and security infrastructure.
Personal Background/Evolution of VeriChip
As a consultant for one of Applied Digital’s business units, I recognized that the “Home Again” implantable identification tags for pets had important applications for humans. The first set of applications revolved around the identification of implanted medical devices such as pacemakers and orthopedic hardware. In my clinical experience and discussion with colleagues the need for improved rapid acquisition of accurate detailed technical information regarding these devices was lacking causing many delays and inefficiencies in patient care. I believed that an implantable passive RFID available when needed, linked to an Internet accessible database could provide a clinician access to the need information many months after the procedure was performed and at any facility throughout the country.
Living in the New York area during the 9/11 attack I became aware of rescue workers at Ground Zero writing their badge numbers on their skin with ink markers should they become injured or worse working the “pit” of rubble of the Trade Center. It then struck me that not only was there a need for a secure form of medical device identification, but there was also a need for a more secure form of personal identification and access to information than was then in existence. The experiences of the first days after the fall of the twin towers inspired me to me the move the identification project forward at an accelerated pace.
Incidentally, we are now witnessing a similar horror, and imperatives in Southern Asia as a consequence of the Tsunami, which struck the region ten approximately two weeks ago.
To evaluate the hypothesis, five days after the World trade Center and Pentagon attacks, I implanted myself with two of the veterinary chips and began adapting the concept to a human version that eventually became the VeriChip. Microchips were implanted in both my right forearm and hip since I felt there were more questions to answer than one implantation site could provide.
At this juncture I would like to provide the committee a brief overview of the Radiofrequency Identification Technology courtesy of the RFID Journal:
What is RFID?
Radio frequency identification, or RFID, is a generic term for technologies that use radio waves to automatically identify people or objects. There are several methods of identification, but the most common is to store a serial number that identifies a person or object, and perhaps other information, on a microchip that is attached to an antenna (the chip and the antenna together are called an RFID transponder or an RFID tag). The antenna enables the chip to transmit the identification information to a reader. The reader converts the radio waves reflected back from the RFID tag into digital information that can then be passed on to computers that can make use of it.
How does an RFID system work?
An RFID system consists of a tag, which is made up of a microchip with an antenna, and an interrogator or reader with an antenna. The reader sends out electromagnetic waves. The tag antenna is tuned to receive these waves. A passive RFID tag draws power from field created by the reader and uses it to power the microchip’s circuits. The chip then modulates the waves that the tag sends back to the reader and the reader converts the new waves into digital data.
RFID is not necessarily “better” than bar codes. The two are different technologies and have different applications, which sometimes overlap. The big difference between the two is bar codes are line-of-sight technology. That is, a scanner has to “see” the bar code to read it, which means people usually have to orient the bar code towards a scanner for it to be read. Radio frequency identification, by contrast, doesn’t require line of sight. RFID tags can be read as long as they are within range of a reader. Bar codes have other shortcomings as well. If a label is ripped, soiled or falls off, there is no way to scan the item. And standard bar codes identify only the manufacturer and product, not the unique item. The bar code on one milk carton is the same as every other, making it impossible to identify which one might pass its expiration date first.
What is the difference between low-, high-, and ultra-high frequencies?
Just as your radio tunes in to different frequency to hear different channels, RFID tags and readers have to be tuned to the same frequency to communicate. RFID systems use many different frequencies, but generally the most common are low- (around 125 KHz), high- (13.56 MHz) and ultra-high frequency, or UHF (850-900 MHz). Microwave (2.45 GHz) is also used in some applications. Radio waves behave differently at different frequency, so you have to choose the right frequency for the right application.
What is the read range for a typical RFID tag?
The read range of passive tags (tags without batteries) depends on many factors: the frequency of operation, the power of the reader, interference from metal objects or other RF devices. In general, low-frequency tags are read from a foot or less. High frequency tags are read from about three feet and UHF tags are read from 10 to 20 feet. Where longer ranges are needed, such as for tracking railway cars, active tags use batteries to boost read ranges to 300 feet or more.
Are there any standards for RFID?
Yes. International standards have been adopted for some very specific applications, such as tracking animals. Many other standards initiatives are under way. The International Organization for Standardization (ISO) is working on standards for tracking goods in the supply chain using high-frequency tags (ISO 18000-3) and ultra-high frequency tags (ISO 18000-6). EPCglobal, a joint venture set up to commercialize Electronic Product Code technologies, has its own standards process, which was used to create bar code standards. EPCglobal intends to submit EPC protocols to ISO so that they can become international standards.
What are some of the most common applications for RFID?
RFID is used for everything from tracking cows and pets to triggering equipment down oil wells. It may sound trite, but the applications are limited only by people’s imagination. The most common applications are tracking goods in the supply chain, reusable containers, high value tools and other assets, and parts moving to a manufacturing production line. RFID is also used for security (including controlling access to buildings and networks) and payment systems that let customers pay for items without using cash.
VeriChip System Description
The VeriChip ä System is an implantable RFID microtransponder system intended for personal identification, security access, financial, and health information applications in humans. On October 12, 2004, the Food and Drug Administration cleared VeriChip for medical application use in the United States. On December 10, 2004 the FDA’s Center for Devices and Radiological Health (CDRH) published its Guidance for Industry and FDA staff for Class II Special Controls Guidance Document: “Implantable Radiofrequency Transponder System for Patient Identification and Health Information”.
The patented VeriChip™ microtransponder is a passive device that contains an electronic circuit, which is activated externally by a low-powered radio beam (RFID) sent by a handheld battery powered Pocket Reader. The VeriChip™ is used to store a unique electronic identification number (ID). It is implanted subcutaneously in the rear of the upper arm by means of a small, handheld preloaded introducer. The Reader scans the arm then displays the unique ID number of the implanted VeriChip™ microtransponder. As RFID is employed to obtain the ID number, direct line of sight is not required (i.e. read through clothing). The ID number is used to access a secure database that will provide the implanted person’s identity and other previously entered information such as a link to an Electronic Health Record (EMR) or Personal Health Record (PHR).
I would like to describe in more detail the VeriChip RFID microtransponder as its construction has bearing on raised privacy issues.
The VeriChip™ microtransponder is a patented, small, approximately 12 mm x 2.1mm (0.43in x 0.08in) passive radio frequency (RFID) microtransponder circuit that weighs 0.06gm (0.002 oz.) and is inserted subcutaneously.
The functional components are an RFID (Radiofrequency identification) integrated circuit, a capacitor, and an antenna. The RFID ASIC (Application Specific Integrated Circuit) microchip contains the unique ID number assigned to the microtransponder, and all of the electronic circuitry necessary to allow the number to be read by the Pocket Reader TM . Each integrated circuit is 128 bit read-only with a 16 digit ID. The unique identification number is laser encoded during fabrication; as a result, it cannot be erased or altered after manufacture. The capacitor controls the tuning of the radio frequency. The third primary component of the microtransponder is a coil of copper wire wound around a ferrite (iron) core. This functions as a tiny antenna to pick up the energy from the Pocket Reader TM and to send the encoded ID number from the microchip back to the Pocket Reader TM . The material used to encapsulate the electronics of the microtransponder is a biocompatible medical grade glass.
The implant capsule is partially covered by a friction fit polymer sheath (anti-migration cap). The sheath is designed to facilitate bonding of soft tissue to the implant By incorporating the polymer sheath (antimigration cap), which covers half of the implant; anti-migration capabilities of the implant are provided.
Additional features of the VeriChip™ micro-transponder are:
- The glass encasement will not break under normal use conditions.
- X-ray and CT Scan compatible. MRI compatibility data has been obtained.
- Can withstand a relative humidity of 100%.
The clinical healthcare Applications of VeriChip were presented at the 2nd National Steps to a HealthierUS Summit April 29-30 2004.
At that conference we presented the following premise:
Rapid access to accurate patient information is required for optimal outcomes in medical emergency situations. Chronic illnesses such as seizure disorders, stroke, diabetes, COPD, cardiac conditions, or Alzheimer’s disease frequently initiate medical emergencies. While healthy adults who may be able to verbally provide personal health history, a person with chronic diseases can experience a communication barrier due to loss of consciousness, impaired speech, or memory loss resulting in treatment delays. The challenge is to reliably obtain important information at a moment when the ability to impart it is lacking. Current modalities available to provide information include wallet cards, bracelets, and dial-in telephone numbers. Frequently these aids are not in the possession of a patient when the need for emergency care arises, or the data is incomplete, or conflicting.
An alternative to current information methodologies is VeriChip. A small passive, implantable RFID microchip, VeriChip can provide an identification gateway from the “chipped” individual to a secure database containing patient entered personal identification, family contacts, and healthcare history. Advantages of this technology include: it cannot be lost, stolen, forgotten, altered, or copied; and it is always there when needed. The information is stored on a database, not on the chip, facilitating the updating or expansion of the data via an internet accessible computer.
Chronic disease patients unable to communicate are at a significant disadvantage in the healthcare delivery system compared with those individuals not similarly impaired. By “speaking” for the patient, the VeriChip technology offers an empowering option to obtain a comparable level of care by rapidly and accurately furnishing important or even lifesaving information.
We are all very familiar with the Healthcare Insurance Portability and Accountability Act of 1996.
We believe RFID technology in general and VeriChip in particular to be “HIPPA friendly”.
Specifically, wearable or implanted formats RFID can provide:
- Enhanced protection of individuals’ personal health information especially when compared to other formats.
- Afford control over their health information through system access tracking procedures.
- Boundaries are established on those who are authorized to view and release of health records.
- Establishes many more safeguards, which healthcare providers and others can achieve than with a manila folder or fax machine to protect the privacy of health information.
RFID usage will not impact on or expand on HIPAA’s covered entities or business associate categories or their compliance requirements.
The VeriChip RFID microchip is HIPAA-friendly, because it doesn’t convey a name or any information identifier, only a number that is read by a proprietary scanner which is registered to a healthcare facility.
In January 4, 2005 edition of The Record of Bergen County New Jersey an article “Lifesavers in their arms” was published.
Dr. Michael Gerardi of Morristown Memorial Hospital stated that the chip (VeriChip) conforms to HIPAA.
“We’re heavily invested in electronic medical records,” said Gerardi, chief of pediatric emergency medicine at Morristown. “We’re all concerned with HIPAA, and we do everything we can to maintain security and protect information.”
The government created HIPAA to ensure privacy in electronic billing transactions, Gerardi said. Chip implants will not compromise security, because only health-care providers will have the scanners for reading them, he said.”
Stakeholders invited to participate in the NHII are:
- State and Local Government
- Healthcare Providers
- Healthcare Plans and Purchasers
- Standards Development Organizations
- Consumer and Patient Advocacy Groups
- Community Organizations
- Academic and Research Organizations
- Information Technology Industry , which is the category in which we participate and support the NHII efforts.
We accept the two charges the NHII placed on this category:
- Information technology organizations and trade groups should designate internal representatives to provide strategic leadership and coordination on issues related to NHII development and implementation. Representatives should participate in meetings convened by HHS and collaborative activities with other stakeholders.
- The information technology industry should develop and promote cost-effective healthcare software and technologies that comply with national standards so that they can support the appropriate sharing of electronic information for healthcare providers, consumers/ patients, and public health agencies and the improved delivery of clinical and public health services.
Of interest, the following scenario was presented in November 2001 within the Report and Recommendations from the National Committee on Vital and Health Statistics:
“Responding rapidly to individual emergencies and local public health threats: 66-year-old Mrs. F. and her sister are camping in a national park. While hiking, she experiences severe stomach and chest pains. She activates her wireless automated medical alert system, which includes a global positioning system. It alerts the closest emergency medical team, which arrives quickly. Simultaneously, Mrs. F. ‘s own cardiologist, Dr. Y., in another State receives the same alert. The emergency team, which has standing permission to access relevant medical history in patients’ online records, rushes Mrs. F. to the closest emergency room. All the necessary patient information is available to Dr. X., the physician on duty in the emergency room, when Mrs. F. arrives. After a thorough examination and tests and online consultation with Dr. Y., Dr. X. determines that Mrs. F. probably has gastroenteritis, advises her to drink lots of fluids, and clears her to return to her camping trip. Mrs. F. ‘s electronic personal health history and medical record are simultaneously updated with the information from the emergency room visit. Dr. Y., the cardiologist, is notified that Mrs. F. is cleared to continue her trip. The local public health department automatically is notified and de-identified health information from Mrs. F. ‘s emergency room visit is added to its database on incidents in local parks. That afternoon, health department staff identify a broken sewer line that contaminated park drinking water and caused the outbreak of bacterial gastroenteritis. “
This scenario is very similar to the actual VeriChip healthcare application available today.
We additionally believe that the build out of the VeriChip technology represents a model to support the adoption of the following two important elements of the Initiative:
The health information infrastructure’s proper functioning depends on enactment of national legislation on the privacy, confidentiality, and security of health information. The legislation must specify the conditions under which personal health information may be collected, stored, and shared, as well as penalties for abuses. The HHS privacy regulations are a step in that direction. In this context, it is important to stress what the NHII is not. The NHII does not require an integrated national database of medical records. In fact, healthcare providers will retain responsibility for maintaining their own patients’ medical records. The confidentiality of personal health records and consumers’ control over their own records are basic tenets of this vision, consistent with the HHS privacy regulations. The Committee expects that privacy and confidentiality protections will improve in the context of the NHII
- Systems and applications
Clinical and public health information systems are the chief engines of the NHII. They capture, store, organize, and present data about medical care and population health status that are crucial for routine work, problem solving, planning, and emergency response. Applications enabling these systems to perform and communicate are already quite robust, but they tend to be vertical stovepipes of numerical content only. A fully developed NHII would improve cross-system data exchange and enhance multimedia and geospatial capacities. Essential nondata applications include interpersonal communications (text, voice, and video), remote monitoring and reporting, transactional services such as scheduling appointments and purchasing items, and interactive educational and decision-support tools for professionals and the public.
In a the September 8, 2004 letter to Secretary Thompson reporting on the historic HHS HIT Summit held on July 21, 2004, Chairman Lumpkin stated the NCVHS identified the following areas requiring additional development: The NCVHS would be pleased to assist in developing strategies for establishing a detailed Framework and accomplishing the goals and objectives you select. In addition, we have identified some areas where additional work appears to be needed:
- Understanding, from the consumer and healthcare industry perspectives, approaches, best practices, and issues related to the use of master patient indexes and other methods to assure that healthcare information can be reliably associated with the right individual. NCVHS will schedule hearings on this issue. The Committee recognizes that this is both a standards and a privacy issue and will be examining both aspects.
- Issues related to patient control of their personal health information. Several speakers pointed to deficiencies in the HIPAA privacy rule and the need to balance data exchange that is essential to health care with enhanced personal control. NCVHS will hold hearings on this issue.
- General policy issues related to Personal Health Records. NCVHS will hold hearings this Fall.
- Developing a research agenda for the NHII: what areas need additional research in order to make sound choices? While AHRQ is supporting important work in the healthcare dimension, additional work is needed to support certain strategies in the population health and personal health dimensions of the Framework, such as unifying public health surveillance and encouraging the use of personal health records.
- Issues related to the movement of data between health care, population health, and personal health dimensions and, in general, secondary uses of data from any dimension. These information flows are essential to strengthen quality assessment and improvement, as well as research and other endeavors.
- Developing a comprehensive statement on “Rules of the Road,” including but not limited to interoperability, legal obstacles, and, in general, the key things that potential participants need to know about how to participate in the NHII. NCVHS will also begin to look at this.
- Two issues are important, but we suggest revisiting them in about six months to see how work has progressed: metrics for measuring progress, and conformance testing.
VeriChip Corporate Standards for Maintenance of Privacy
In November 2004 our company issued the following Statement:
To ensure that this attribute is a benefit and only a benefit, we are making privacy our priority and our commitment. It’s good business and it’s responsible behavior for a leader in an area of RFID technology.
The Company’s six-point privacy statement is as follows:
- VeriChip should be voluntary and voluntary only. No person, no employer, no government should force anyone to get “chipped.”
- Privacy must be a priority at the highest levels of our organization and as such we will have a Chief Privacy Officer who, with privacy experts, will be charged with addressing the day-to-day global evolution of this technology.
- We will immediately address privacy and patients’ rights in all consumer, distributor and medical documents related to VeriChip.
- VeriChip subscribers are able have their chip removed and discontinued at any time.
- Privacy means different things to different people, so only the VeriChip customer should designate the groups that may have access to his or her database information.
- We pledge to thoughtfully, openly and considerately engage government, privacy groups, the industry and consumers to assure that the adoption of VeriChip and RFID technology is through education and unity rather than isolation and division.
Our Chairman of the Board has publicly stated that we will work closely with all of our key constituencies, including consumers, distributors and hospitals to make the rapid adoption of the VeriChip(TM) as broad as possible. With significant opportunities for VeriChip(TM) in other areas such as security, we will strive to apply these standards consistently and uniformly across all of our target markets.
VeriChip Corporation stands ready to assist the NCVS in promulgation recommendations which respect the need for privacy yet allow current and future technological advances to improve the quality and effectiveness of medical care especially in the area of automated patient identification and seamless access to digitized medical information. We are confident that under the current doctor-patient relationships and the public’s view of physicians and hospitals as the most trusted guardians of their medical information, the current archaic and inefficient means of managing medical information can be replaced by information systems currently considered routine in all other major business sectors.
VeriChip is an FDA approved implantable passive microchip, which is indicated for patient identification and access to a medical database. An individual voluntarily initiates the process, not a government entity. Every person has a choice. Further, the technology is a reversible biometric. It can be removed as simply as a large splinter, thus eliminating the link to personal information providing the person with greater long term control of personal information access than with a social security number, finger print or other forms of identification.
VeriChip’s principal attribute is its ability to deliver information and verification. To ensure that this attribute is a benefit and only a benefit, we are making privacy our priority and our commitment. We believe it is good business and it’s responsible behavior as a leader in an area of RFID technology.
Again referencing The Record of Bergen County, New Jersey, January 4, 2005 edition:
Rep. Robert E. Andrews, D-Haddon Heights, an advocate of genetic privacy laws, said the chip must be kept strictly voluntary.
“If someone chooses to have such an implant, then it should be legal and encouraged. … But the idea of a hospital implanting a chip without permission is illegal, and should stay illegal,” Andrews said.
The question is not the technology, but how it is used, Andrews said.
“This is a very exciting thing,” said Dr. Gerardi, a past state chapter president of the American College of Emergency Physicians. “The computer could really make a big difference for caregivers worried that their loved ones show up in an emergency department, and no one will know their critical information.
“Everything has its drawbacks and its positives,” he added. “I refuse to let civil libertarians get in the way of a good idea. People out there fear information on a chip. They fear Big Brother. I think that’s nonsense.
“I think life’s more important than the remote possibility of loss of confidentiality. [With the chip] you can markedly improve the efficiency, accuracy and safety of care to people unable to communicate their health needs.”
Mr. Nicholas Minicucci (Founder and President of the Molly Foundation for Diabetes Research located in Mahwah, NJ) agrees.
“Tell me about Big Brother when your daughter or loved one is run over by a truck,” he said. “I don’t want to hear about it.”
I thank the Committee for your invitation to present, and for your kind attention.