Securing electronic health records on mobile devices
Wednesday, September 30, 2015
Healthcare providers are breaking free from the nursing station and using mobile devices to receive, store, process and transmit patient clinical information from where they happen to be located, when the need presents itself. Sometimes, this is in a cafe over lunch with colleagues or while waiting for their child's baseball game to begin on a Saturday morning.
Along with the convenience, mobile devices used by many of today's professionals present vulnerabilities to the healthcare organization's network, and ultimately to patients. Too often these smartphones, tablets and other devices are being used by clinicians for healthcare delivery before they have implemented safeguards for privacy and security — and this has led to breaches of personal health information.
The National Institute of Standards and Technology (NIST) has stepped forward to help healthcare organizations improve the security of electronic health records (EHRs) on these ubiquitous tools that facilitate important care processes. Its newly released Cybersecurity Practice Guide provides a modular, end-to-end reference design that can be tailored and implemented by healthcare organizations of varying sizes and information technology sophistication.
It guides information technology staff and leadership, using open source and commercially available tools and technologies that are consistent with cybersecurity standards, so those providing care can more securely share patient information.
The guide was built around an environment that simulates integration among mobile devices and an EHR system supported by the IT infrastructure of a medical organization. It walks users through the process of implementing relevant standards and best practices to help doctors, nurses and other caregivers use mobile devices in conjunction with an EHR.
The centerpiece is a hypothetical primary care physician who uses her mobile device to perform recurring activities such as sending a referral (e.g., clinical information) to another physician, or sending an electronic prescription to a pharmacy. It highlights the characteristics and capabilities that an organization's security experts can use to identify similar standards-based products that can be integrated quickly and cost-effectively with a healthcare provider's existing tools and infrastructure.
The guide demonstrates how existing technologies can be leveraged to meet a healthcare organization's need to better protect the information in EHR systems. It also shows how security engineers and IT professionals, using commercially available and open-source tools and technologies, can facilitate more secure exchange of patient health records with mobile devices by those in their healthcare organization.
In addition, it:
- maps security characteristics to standards and best practices, including the HIPAA Security Rule
- provides a detailed architecture and capabilities that address security controls
- facilitates ease of use through automated configuration of security controls
- addresses the need for different types of implementation, whether in-house or outsourced
- provides a how-to for implementers and security engineers seeking to recreate the reference design in their own organization
Perhaps most importantly, the Cybersecurity Practice Guide includes step-by-step instructions for assessing and identifying both adversarial (hackers) and nonadversarial (accidental) risk. It takes healthcare leaders through the process of ensuring their organization has implemented a comprehensive and continuous risk management strategy to increase the security of electronic health records.
The complete document is available at: