Home > Projects > Health IT
Print | Email Us

Projects


Health IT

Secure Exchange of Electronic Health Information Demonstration Project

healthIT.png

The National Cybersecurity Center of Excellence (NCCoE) is seeking collaborations with U.S. organizations to provide a platform that allows health care providers to securely document, maintain and exchange clinical information using electronic methods.

Business Challenge

Health care providers can deliver more efficient, more affordable patient care by exchanging electronic health information, but few are able to secure their information transfers. Health care providers need the knowledge and tools to protect the privacy and integrity of electronic health information.

The NCCoE is helping health care providers acquire, integrate and adopt mobile capabilities that are:

• Secure
• Usable
• Interoperable
• Cost-effective


Our Approach

In order to use mobile devices to improve health care, providers should first understand their security challenges, then find a cost-effective security platform combined with practical cybersecurity solutions.

The NCCoE, as part of the Information Technology Laboratory at the National Institute of Standards and Technology, suggests that health care providers account for these cybersecurity challenges:

• Discounting physical security controls increases the likelihood that a health care worker will lose or misplace their mobile device (and stored private health information), or have it stolen.

• Using untrusted client devices allows threat actors to circumvent a device’s security features and access patient records and other private health information.

• Using untrusted networks (e.g., broadband, WiFi, WiMAX and cellular networks) increases the number of opportunities that a threat actor has to circumvent a device’s security features and access patient records and other private health information.

• Interacting with other systems increases a health care worker’s risk of compromising routine activities such as data synchronization and storage.


The NCCoE will resolve these types of cybersecurity challenges in collaboration with U.S. organizations that work with health care providers. The NCCoE invites participation from providers of technical expertise and products in a demonstration project of security platforms for electronic health records.

The first use case in this project considers how physicians use electronic health records on mobile devices. Learn more about the Health IT Mobile Device use case.

Learn More

The Secure Exchange of Electronic Health Information Demonstration Project is expected to run for one to two years and tackle a variety of issues related to securing health information.

If you are interested in participating in this project, please contact us.

Participants should identify the security platform components or capabilities they can offer, including:

• Electronic health information entry and display devices

• Authentication and authorization mechanisms

• Data transfer/communication components

• Electronic health information storage and retrieval components

• Forms generation capabilities

• Printer devices or interfaces

Footer line image