Dec. 17, 2015

Improving Cybersecurity Standards for Health Records on Mobile Devices

Improving Cybersecurity Standards for Health Records on Mobile Devices

The National Cybersecurity Center of Excellence (NCCoE) has released the first guide in a new series of publications for businesses and other organizations on how to improve cybersecurity using commercially available or open-source tools. The draft guide is a model to help health care organizations implement relevant standards and best practices in maintaining HIPAA compliance, and NCCoE is seeking comment on its content.

“Securing Electronic Health Records on Mobile Devices,” released in late July, demonstrates how health care providers can make mobile devices, such as smartphones and tablets, more secure in an effort to protect patient information. Mobile device use is growing rapidly and information collected, stored, processed, and transmitted on mobile devices is especially vulnerable to attack. According to the new draft guide, security engineers and IT professionals, using commercially available and open source tools and technologies consistent with cybersecurity standards, can assist health care organizations that use mobile devices share patient records more securely.

NCCoE’s website notes that the draft guide was developed by industry and academic cybersecurity experts, with the input of health care providers who first identified the challenge. It is highly technical and most suitable for upper-level IT professionals. Critics have expressed concerns that the guide does not take into account how end-users adopt technology.

NCCoE was established in 2012 by the U.S. Commerce Department’s National Institute of Standards and Technology (NIST), the state of Maryland, and Montgomery County, Md. Since that time, the center has been building partnerships with industry and academia to identify cybersecurity challenges and develop example solutions for the health care, energy and financial services industries.

Read the full guide, “Securing Electronic Health Records on Mobile Devices,” at this link:

https://nccoe.nist.gov/projects/use_cases/health_it/ehr_on_mobile_devices

 eDiscovery Practice