28 Jul NIST cybersecurity center proposes best practices for mobile EHR security
The National Cybersecurity Center of Excellence, part of the U.S. Department of Commerce’s National Institute of Standards of Technology, is circulating a draft guidance on best practices for securing healthcare data on mobile devices.
The draft, entitled, “Securing Electronic Health Records on Mobile Devices,” is the first in a planned series of guidances on improving cybersecurity across many industries with the help of standards-based technology, the three-year old center announced.
NCCoE developed the draft by running a simulated primary care environment to test the interactions between users, an EHR system and mobile devices. The center then applied commercially available technologies to build tighter controls for mobile EHR security and privacy.
“Using the guide, your organization may choose to adopt the same approach. Commercial and open-source standards-based products, like the ones we used, are easily available and interoperable with commonly used information technology infrastructure and investments,” the document stated.
The draft guide maps security practices and characteristics to the HIPAA security rule and other standards, then details the technical requirements for addressing security issues before offering how-to advice for health IT professionals.