The National Institute of Standards and Technology (NIST) is seeking comments on a draft guide that would help healthcare providers make mobile devices more secure to protect patient data. Securing Electronic Health Records on Mobile Devices was authored by both industry and academic cybersecurity experts and provides a roadmap for a security architecture that healthcare organizations can adopt or adapt to their own needs. The draft is available for public comment through September 25, 2015.
“We know from working with them that healthcare organizations want to protect their clients’ personal information and themselves from the high costs associated with breaches,”said Donna Dodson, director of the National Cybersecurity Center of Excellence (NCCoE), which operates under NIST. “This guide can be an important tool among the many they use to reduce risk. It can help providers protect critical patient information without getting in the way of delivering quality care.”
According to an announcement from NIST, the team created a virtual environment to simulate the interplay among mobile devices and an electronic health record system in the context of a medical organization’s IT infrastructure. The team worked off the assumed activities of hypothetical primary care physician who relied on her mobile device for routine tasks, such as referring a patient to another physician. The NIST team then developed cybersecurity solutions using commercially available technologies.
To offer comments on the document, visit the NIST website.