The National Cybersecurity Center of Excellence (NCCoE) has released a mobile security guide which is specifically written for safeguarding medical information. The 82-page handbook offers healthcare organisations insights on how to improve mHealth cybersecurity via open-source or commercial tools. The guide currently in draft form is awaiting public comment.

"This guide can help providers protect critical patient information without getting in the way of delivering quality care," according to NCCoE Director Donna Dodson. The NCCoE was established in 2012 by the U.S. Commerce Department's National Institute of Standards and Technology (NIST), the federal agency charged with developing tech standards.

The step-by-step guide explains how healthcare providers can make mobile devices (eg, smartphones and tablets) more secure, in order to better protect patient information and still take advantage of advances in communications technology.

Data show that nearly 90 percent of healthcare providers are currently utilising mobile devices within their organisations.

"We know from working with them that healthcare organisations want to protect their clients' personal information and themselves from the high costs associated with breaches," Dodson notes. "This guide can be an important tool among the many they use to reduce risk."

Securing Electronic Records on Mobile Devices provides health IT professionals with "detailed architecture so that they can copy or recreate with different but similar technologies, the security characteristics of the guide," explain NIST officials. The guide also outlines NIST standards, best practices and other relevant regulations such as HIPAA.

NIST officials describe the new guidelines as including a "virtual environment that simulates interaction among mobile devices and an electronic health record system supported by the IT infrastructure of a medical organisation."

In addition to the how-to handbook, the new NIST guidelines include a 16-page manual on relevant mobile device standards and controls mapping, specifically written for the healthcare industry. For each related technology, for instance, say key management, there is a corresponding table of applicable standards and links to the standards.

The document delineates risk assessment and outcomes, based on the business workflow of a typical EHR user.

Comments on the draft guide can be sent to [email protected] by 25 September 2015. The draft document in five parts, a web form and a template for comments are available at:

https://nccoe.nist.gov/projects/use_cases/health_it/ehr_on_mobile_devices

Source: National Institute of Standards and Technology
Image credit: Flickr.com

«« 3D-printed Drug: Breakthrough in Precision Medicine


Algorithm Helps Predict Patients' Deadly Sepsis »»



Latest Articles

healthmanagement, mhealth, NIST, technology, EHR, mobile, smartphones The National Cybersecurity Center of Excellence (NCCoE) has released a mobile security guide which is specifically written for safeguarding medical information.