U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

SP 1800-1 (Draft)

Securing Electronic Health Records on Mobile Devices

Date Published: July 2015
Comments Due: September 25, 2015 (public comment period is CLOSED)
Email Questions to: HIT_NCCoE@nist.gov

Author(s)

Gavin O'Brien (NIST), Nate Lesser (NIST), Brett Pleasant (MITRE), Sue Wang (MITRE), Kangmin Zheng (MITRE), Colin Bowers (Ramparts), Kyle Kamke (Ramparts)

Editor(s)

Leah Kauffman (NIST)

Announcement

NIST announces the public comment period for Draft NIST Cybersecurity Practice Guide SP 1800-1, Securing Electronic Health Records on Mobile Devices.

The use of mobile devices in health care sometimes outpaces the privacy and security protections on those devices. Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person's health at risk through misdiagnosis, delayed treatment, or incorrect prescriptions.

Cybersecurity experts at the National Cybersecurity Center of Excellence (NCCoE) collaborated with health care industry leaders and technology vendors to develop an example solution to show health care organizations how they can secure electronic health records on mobile devices. The guide provides IT implementers and security engineers with a detailed architecture so that they can recreate the security characteristics of the example solution with the same or similar technologies. Our solution is guided by relevant standards and best practices from NIST and others, including those in the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

Abstract

Keywords

HIPAA; implement standards-based cybersecurity technologies; mobile device security standards; risk management; stolen health records; electronic health record security; stolen medical information; electronic health record system; breaches of patient health information
Control Families

Risk Assessment

Documentation

Publication:
Draft SP 1800-1

Supplemental Material:
Project homepage (web)

Document History:
07/28/15: SP 1800-1 (Draft)
07/27/18: SP 1800-1 (Final)

Topics

Security and Privacy
risk assessment

Technologies
mobile

Laws and Regulations
Health Insurance Portability and Accountability Act

Sectors
healthcare