TRUSTED RFID EVENT MODELING FOR AUDIT, SECURITY, AND PROVENANCE IN PATIENT APPOINTMENT WORKFLOWS

Mykyta Smolenskyi; Ievgen Sidenko

doi:10.20998/2079-0023.2026.01.04

Authors

Mykyta Smolenskyi Petro Mohyla Black Sea National University, Ukraine https://orcid.org/0009-0008-3071-4350
Ievgen Sidenko Petro Mohyla Black Sea National University, Ukraine https://orcid.org/0000-0001-6496-2469

DOI:

https://doi.org/10.20998/2079-0023.2026.01.04

Keywords:

RFID, patient identification, trusted events, audit, provenance, appointment workflows, healthcare information systems

Abstract

This paper is devoted to the development and investigation of an approach to auditing, security, and provenance of RFID-based patient interactions within appointment-centered workflows in medical information systems. The paper analyzes the limitations of traditional RFID implementations in healthcare, which are typically focused on simple identifier retrieval and do not ensure contextual integrity, traceability, or verifiability of clinical actions, leading to risks related to inconsistent medical records and reduced reliability of appointment outcomes. The proposed solution treats RFID readings as trusted context-aware events embedded into the lifecycle of a patient appointment and forming a verifiable chain of clinical interactions. A formal model of a trusted RFID event is introduced, incorporating actor, temporal, spatial, and clinical context parameters, enabling its use as an atomic unit of audit and provenance. The approach establishes a relationship between RFID event chains and appointment results, where the outcome of a patient visit is derived from a sequence of validated and contextually consistent events rather than solely from declarative records. To ensure interoperability and standardized audit mechanisms, the proposed model is aligned with HL7 FHIR resources, including AuditEvent and Provenance, enabling representation of both event-level actions and their origins within a unified framework. A risk-based approach to RFID infrastructure security is incorporated, allowing differentiation of protection mechanisms depending on the criticality of clinical interactions. The client–server architecture of the medical information system is extended with event-driven server-side processing of RFID interactions, ensuring validation, authorization, and consistency of clinical workflows. The results demonstrate that the proposed approach improves auditability, traceability, and reliability of RFID-based patient appointment management compared to traditional identification-centric solutions, making it suitable for deployment in real healthcare environments requiring high levels of trust and accountability.

References

Choudhury L. S., Vu C. T. Patient Identification Errors: A Systems Challenge. PSNet [Internet]. Rockville (MD): Agency for Healthcare Research and Quality, 2020. Available at: https://psnet.ahrq.gov/web-mm/patient-identification-errors-systemschallenge (accessed 10.03.2026).

World Health Organization. Global patient safety action plan 2021– 2030: towards eliminating avoidable harm in health care. Geneva: World Health Organization, 2021. 86 p.

Want R. An Introduction to RFID Technology. IEEE Pervasive Computing. 2006, vol. 5, no. 1, pp. 25–33. DOI: 10.1109/MPRV.2006.2.

Yao W., Chu C.-H., Li Z. The Use of RFID in Healthcare: Benefits and Barriers. Proc. of the 2010 IEEE Int. Conf. on RFID-Technology and Applications. 2010, pp. 128–134. DOI: 10.1109/RFIDTA.2010.5529874.

Haddara M., Staaby A. RFID Applications and Adoptions in Healthcare: A Review on Patient Safety. Procedia Computer Science. 2018, vol. 138, pp. 80–88. DOI: 10.1016/j.procs.2018.10.012.

Ajami S., Rajabzadeh A. Radio Frequency Identification (RFID) Technology and Patient Safety. Journal of Research in Medical Sciences. 2013, vol. 18, no. 9, pp. 809–813.

Abugabah A., Nizamuddin N., Abuqabbeh A. A Review of Challenges and Barriers Implementing RFID Technology in the Healthcare Sector. Procedia Computer Science. 2020, vol. 170, pp. 1003–1010. DOI: 10.1016/j.procs.2020.03.094.

Rosenbaum B. P. Radio Frequency Identification (RFID) in Health Care: Privacy and Security Concerns Limiting Adoption. Journal of Medical Systems. 2014, vol. 38, no. 3, article 19. DOI: 10.1007/s10916-014-0019-z.

Ţiplea F. L. Security and Privacy Requirements for RFID Schemes in Healthcare: Case Studies, Solutions, and Challenges. Procedia Computer Science. 2024. DOI: 10.1016/j.procs.2024.09.494.

HL7 International. AuditEvent – FHIR v4.0.1 [Internet]. Available at: https://www.hl7.org/fhir/R4/auditevent.html (accessed 10.03.2026).

HL7 International. Provenance – FHIR v4.0.1 [Internet]. Available at: https://www.hl7.org/fhir/R4/provenance.html (accessed 10.03.2026).

Dal Mas F., Massaro M., Rippa P., Secundo G. The Challenges of Digital Transformation in Healthcare: An Interdisciplinary Literature Review, Framework, and Future Research Agenda. Technovation. 2023, vol. 123, article 102716. DOI: 10.1016/j.technovation.2023.102716.

Rahmani A. M., Babaei Z., Souri A. Event-Driven IoT Architecture for Data Analysis of Reliable Healthcare Application Using Complex Event Processing. Cluster Computing. 2021, vol. 24, pp. 1347–1360. DOI: 10.1007/s10586-020-03189-w.

Riplinger L., Piera-Jiménez J., Pursley Dooling J. Patient Identification Techniques: Approaches, Implications, and Findings. Yearbook of Medical Informatics. 2020, vol. 29, no. 1, pp. 81–86. DOI: 10.1055/s-0040-1701984.

ECRI. Top 10 Patient Safety Concerns 2021 [Internet]. 2021. Available at: https://www.ecri.org/top-10-patient-safetyconcerns-2021 (accessed 10.03.2026).

Dehzangi O., Taherisadr M., ChangalVala R. IMU-Based Gait Recognition Using Convolutional Neural Networks and Multi-Sensor Fusion. Sensors. 2017, vol. 17, no. 12, article 2735. DOI: 10.3390/s17122735.

Kusuda K., Yamashita K., Morishita E., Ishibashi N., Shiraishi Y., Yamaguchi H. Comparison of Reading Times of RFID-Tagged and Barcode-Engraved Surgical Instruments. Journal of Surgical Research. 2024, vol. 304, pp. 121–125. DOI: 10.1016/j.jss.2024.09.087.

Profetto L., Gherardelli M., Iadanza E. Radio Frequency Identification (RFID) in Health Care: Where Are We? A Scoping Review. Health and Technology. 2022, vol. 12, no. 5, pp. 879–891. DOI: 10.1007/s12553-022-00696-1.

Abugabah A., Al Smadi A., Houghton L. RFID in Health Care: A Review of the Real-World Application in Hospitals. Procedia Computer Science. 2023, vol. 220, pp. 8–15. DOI: 10.1016/j.procs.2023.03.004.

Luschi A. Exploring Radio Frequency Identification (RFID) in Healthcare: Promises Fulfilled or Forsaken? Technology and Health Care. 2024, vol. 32, no. 4, pp. 2847–2849. DOI: 10.3233/THC231784.

Raso E., Bianco G. M., Bracciale L., Marrocco G., Occhiuzzi C., Loreti P. Privacy-Aware Architectures for NFC and RFID Sensors in Healthcare Applications. Sensors. 2022, vol. 22, no. 24, article 9692. DOI: 10.3390/s22249692.

Marjamaa R. A., Torkki P. M., Torkki M. I., Kirvelä O. A. Time Accuracy of a Radio Frequency Identification Patient Tracking System for Recording Operating Room Timestamps. Anesthesia & Analgesia. 2006, vol. 102, no. 4, pp. 1183–1186.

Khan M. A., Ullah S., Ahmad T., Jawad K., Buriro A. Enhancing Security and Privacy in Healthcare Systems Using a Lightweight RFID Protocol. Sensors. 2023, vol. 23, no. 12, article 5518. DOI: 10.3390/s23125518.

Li S., Xu L. D., Zhao S. The Internet of Things: A Survey. Information Systems Frontiers. 2015, vol. 17, no. 2, pp. 243–259. DOI: 10.1007/s10796-014-9492-7.

Pimenta N., Chaves A., Sousa R., Abelha A., Peixoto H. Interoperability of Clinical Data through FHIR: A Review. Procedia Computer Science. 2023, vol. 220, pp. 856–861. DOI: 10.1016/j.procs.2023.03.115.

Gubert L. C., da Costa C. A., Righi R. R. Context Awareness in Healthcare: A Systematic Literature Review. Universal Access in the Information Society. 2020, vol. 19, pp. 245–259. DOI: 10.1007/s10209-019-00664-z.

Pautasso C., Zimmermann O., Leymann F. RESTful Web Services vs. "Big" Web Services: Making the Right Architectural Decision. Proc. of the 17th Int. Conf. on World Wide Web (WWW 2008). Beijing, 2008, pp. 805–814. DOI: 10.1145/1367497.1367606.

Fernández-Alemán J. L., Carrión Señor I., Oliver Lozoya P. A., Toval A. Security and Privacy in Electronic Health Records: A Systematic Literature Review. Journal of Biomedical Informatics. 2013, vol. 46, no. 3, pp. 541–562. DOI: 10.1016/j.jbi.2012.12.003.

Grieves M., Vickers J. Digital Twin: Mitigating Unpredictable, Undesirable Emergent Behavior in Complex Systems. In: Transdisciplinary Perspectives on Complex Systems. Cham: Springer, 2017, pp. 85–113. DOI: 10.1007/978-3-319-38756-7_4.

Radanliev P., De Roure D., Page K., Nurse J. R. C., Mantilla Montalvo R., Santos O., Maddox L., Burnap P. Cyber Risk at the Edge: Current and Future Trends on Cyber Risk Analytics and Artificial Intelligence in the Industrial Internet of Things and Industry 4.0 Supply Chains. Cybersecurity. 2020, vol. 3, no. 1, article 13. DOI: 10.1186/s42400-020-00052-8.

Mandel J. C., Kreda D. A., Mandl K. D., Kohane I. S., Ramoni R. B. SMART on FHIR: a standards-based, interoperable apps platform for electronic health records. Journal of the American Medical Informatics Association. 2016, vol. 23, no. 5, pp. 899–908. DOI: 10.1093/jamia/ocv189.

Joint Task Force. Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. NIST Special Publication 800-37 Rev. 2 [Internet]. Gaithersburg (MD): National Institute of Standards and Technology, 2018. Available at: https://csrc.nist.gov/pubs/sp/800/37/r2/final (accessed 10.03.2026). DOI: 10.6028/NIST.SP.800-37r2.

TRUSTED RFID EVENT MODELING FOR AUDIT, SECURITY, AND PROVENANCE IN PATIENT APPOINTMENT WORKFLOWS

Authors

DOI:

Keywords:

Abstract

References

Downloads

Published

How to Cite

Issue

Section

License

Information

Developed By