NIST launches step-by-step cyber guide series
The publication provides IT implementers and security engineers with a detailed security architecture to copy or recreate.
What: "Securing Electronic Records on Mobile Devices," the first document in a new series of publications from the National Institute of Standards and Technology's National Cybersecurity Center of Excellence.
Why: The guide is aimed at providing step-by-step help to health care providers to make mobile devices, such as smartphones and tablets, more secure, and better able to protect patient information, while still leveraging advances in communications technology.
Growing use of mobile devices to store, access and transmit electronic health care information is outpacing privacy and security protections on those devices, putting medical information on them at risk for theft, said NIST.
The publication provides IT implementers and security engineers with a detailed security architecture to copy or recreate with different but similar technologies. The document also adheres to standards and best practices from NIST and others, as well as Health Insurance Portability and Accountability Act rules. The guide also takes into account the need for different types of implementation for different circumstances such as when cyber security is handled in-house or is outsourced.
Verbatim: "In our lab at the NCCoE at the National Institute of Standards and Technology (NIST), we built an environment that simulates interaction among mobile devices and an EHR [electronic health record] system supported by the IT infrastructure of a medical organization."
Public comments on the draft publication are due by Sept. 25 and can be sent to HIT_NCCoE@nist.gov.