News Feature | August 10, 2015

NIST Guide Aims To Help Healthcare Increase Mobile Data Security

By Christine Kern, contributing writer

Draft guide open for comments through September 25

The National Institute of Standards and Technology (NIST) has released a draft guide designed to help healthcare organizations increase mobile data security. The guide, NIST Cybersecurity Practice Guide, Special Publication 1800-1: Securing Electronic Health Records on Mobile Devices, responds to the growing need created by the increasing use of smartphones and other mobile devices to transmit healthcare data.

The guide was released by The National Cybersecurity Center of Excellence (NCCoE) which “was established specifically to help organizations solve real-world challenges, and this was one of particular concern to the healthcare community,” explained NCCoE Director Donna Dodson. “This guide can help providers protect critical patient information without getting in the way of delivering quality care.”

NIST explains that “the use of mobile devices to store, access, and transmit electronic healthcare records is outpacing the privacy and security protections on those devices.” That was the impetus behind this new guide, which aims to “show healthcare providers how they can secure electronic health records on mobile devices.”

Currently, security on mobile devices is not strong enough to protect against potential compromises of data by hackers. “Mobile devices are being used by many providers for healthcare delivery before they have implemented safeguards for privacy and security,” the agency said.

NIST explains that its new draft guide demonstrates ways that existing technologies can meet the needs of healthcare organizations to better protect the protected health information (PHI) in their electronic health record (EHR) systems. In particular, the guide shows how open-source and commercial tools and technologies that meet cybersecurity standards can help healthcare organizations share patient health records more securely via mobile devices.

The draft guide can be tailored to a particular organization’s needs, and includes an executive summary; a section on approach, architecture, and security characteristics; a detailed how-to guide for security engineers; a section on standards and controls mapping; and a section on risk assessment and outcomes.

The draft guide was developed by industry and academic cybersecurity experts, in collaboration with healthcare providers who first identified the challenge. The center then invited technology providers with relevant commercial products to partner with NIST through cooperative research and development agreements and collected public feedback at multiple steps along the way.

“We know from working with them that healthcare organizations want to protect their clients’ personal information and themselves from the high costs associated with breaches,” Dodson explained. “This guide can be an important tool among the many they use to reduce risk.”

The guide is open to public comments until Sept. 25.