Medical QR Code Curiosities
By: Bill Mathews

A few days ago, I had the “pleasure” of checking in to the Urgent Care center in my neighborhood hospital. When I was triaged I was issued a nifty little bracelet that had some information printed on it. Nothing major, just my patient number, name, sex, birth date and some other random looking codes on there. The thing that piqued my interest though was the QR code printed on it. And since the staff were more than a little inefficient I had plenty of time to explore the bracelet.

I started by scanning the code with my trusty Galaxy Nexus and fully expected either encrypted gibberish back or a link to some internal, locked down website where all these electronic medical records are stored… nope, I just got back good old plain text. That shocked me, okay not really but I didn’t think it would be quite that simple. I was then interrupted by a nurse telling me it would be just a few more minutes, this after about an hour of sitting there. After the brief interruption I explored the data I got back a bit.

W;0387432;216784;MATHEWS, WILLIAM;12/31/1969;39Y / Male;11/04/2012;800032334;;;Doctor, Primary J, DO;

Obviously I changed a lot of the data I got back because, well, I don’t really want you guys having that data (which is why the entire ordeal concerned me). Now almost all of this information was found printed on my bracelet anyway so it wasn’t that big of a deal, I’m really just laying this out here for my own curiosity. Does anyone know the purpose of QR codes on the bracelets? I would love to know what the various codes are for (only one was printed on the bracelet) and I’d like to know why there were empty fields. I was also curious because while I also had a big red bracelet that said “ALLERGY ALERT” none of my allergies were listed in this data set or on the printed bracelet. I’m not in the medical profession so I’m genuinely concerned at what the actual use of the QR codes is and why isn’t other relevant, important information readily available in the QR dataset?

Just to sum up, I’m not saying this is a huge privacy or security issue. I’m just a really curious person that likes to know how my information is being used. I’m not an alarmist by any stretch but since my data is involved, I would like to know what precautions are being taken to protect it. We get so preoccupied with sites like Facebook and Google handling our information, but we almost never hear people get up in arms about hospital procedures. That is of course until the hospital is involved in a data breach and all your data is exposed (of course that would never happen).