RFID (Radio Frequency Identification) tags are small, wireless electronic devices that help identify objects and people. Privacy protection and integrity assurance become rather crucial in the RFID systems, because these RFID tags may have a wide transmission range, making them subject to unauthorized scanning by malicious readers and various other attacks. Hence, Ha et al. proposed an RFID protocol and proved that their protocol can provide the forward privacy service. However, in this paper, it is shown that an attacker can track a target tag by observing unsuccessful previous session of the tag. That is, Ha et al.'s RFID protocol fails to provide the forward privacy protection as claimed. Therefore, to overcome the privacy weaknesses of Ha et al.'s RFID protocol, an RFID protocol based on the cryptographic hash functions is proposed. Moreover, the proposed RFID protocol is evaluated according to both the privacy attribute and the implementation performance.