Step-by-step guide demonstrates how health care providers can make mobile devices more secure in order to better protect patient information

The National Cybersecurity Center of Excellence (NCCoE) has released a draft for public comment of the first guide in a new series of publications that will show businesses and other organizations how to improve their cybersecurity using standards-based, commercially available or open-source tools.

Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to store, access and transmit electronic health care records is outpacing the privacy and security protections on those devices.

Securing Electronic Records on Mobile Devices provides IT implementers and security engineers with a detailed architecture so that they can copy, or recreate with different but similar technologies, the security characteristics of the guide. It also maps to standards and best practices from NIST and others, and to Health Insurance Portability and Accountability Act (HIPAA) rules. The guide takes into account the need for different types of implementation for different circumstances such as when cyber security is handled in-house or is outsourced.

The draft guide was developed by industry and academic cybersecurity experts, with the input of health care providers who first identified the challenge. The center then invited technology providers with relevant commercial products to partner with NIST through cooperative research and development agreements and collected public feedback at multiple steps along the way.

Click here to read the full press announcement from NIST.

July 23, 2015 by National Institute of Standards and Technology (NIST)