Tuesday, 28 July 2015

NIST cybersecurity center proposes best practices for mobile EHR security

The National Cybersecurity Center of Excellence, part of the U.S. Department of Commerce’s National Institute of Standards of Technology, is circulating a draft guidance on best practices for securing healthcare data on mobile devices.

The draft, entitled, “Securing Electronic Health Records on Mobile Devices,” is the first in a planned series of guidances on improving cybersecurity across many industries with the help of standards-based technology, the three-year old center announced.

NCCoE developed the draft by running a simulated primary care environment to test the interactions between users, an EHR system and mobile devices. The center then applied commercially available technologies to build tighter controls for mobile EHR security and privacy.

“Using the guide, your organization may choose to adopt the same approach. Commercial and open-source standards-based products, like the ones we used, are easily available and interoperable with commonly used information technology infrastructure and investments,” the document stated.

The draft guide maps security practices and characteristics to the HIPAA security rule and other standards, then details the technical requirements for addressing security issues before offering how-to advice for health IT professionals.

“This guide can help providers protect critical patient information without getting in the way of delivering quality care,” NCCoE Director Donna Dodson said in a prepared statement.

“We know from working with them that healthcare organizations want to protect their clients’ personal information and themselves from the high costs associated with breaches,” Dodson added. “This guide can be an important tool among the many they use to reduce risk.”

The NCCoE is taking public comments on the draft through Sept. 25 at this link, or by e-mail that should be addressed to HIT_NCCoE@nist.gov.

In health IT, NIST already is responsible for certifying the certification bodies in the context of Meaningful Use.

View the original content and more from this author here: http://ift.tt/1KuNAH2



from cyber security caucus http://ift.tt/1LPeCdU
via IFTTT

No comments:

Post a Comment