NIST SPECIAL PUBLICATION 1800 -1
Securing Electronic
Health Records on
Mobile Devices
Includes Executive Summary (A); Approach, Architecture, and Sec urity Characteristics (B),
How -To Guides (C) , Standards and Controls Mapping (D), and Risk Assessment and
Outcomes (E)
Gavin O ’Brien
Nate Lesser
Brett Pleasant
Sue Wang
Kangmin Zheng
Colin Bowers
Kyle Kamke
This publication is available free of charge from:
https://doi.org/10.6028/NIST.SP .1800 -1
The first draft of this publication is available free of charge from:
https://www.nccoe.nist.gov/sites/default/files/library/sp1800/hit -ehr-nist-sp1800 -1-draft.pdf
NIST SPECIAL PUBLICATION 1800 -1
Securing Electro nic Health Records on Mobile Devices
Includes Executive Summary (A); Approach, Architecture, an d Security Characteristics (B),
How-To Guides (C) , Standards and Controls Mapping (D), and Risk Assessment and Security
Outcomes (E)
Gavin O’Brien
Nate Lesser
National Cybersecurity Center of Excellence
Information Technology Laboratory
Brett Pleasant
Sue Wang
Kangmin Zheng
The MITRE Corporation
McLean, VA
Colin Bowers
Kyle Kamke
Ramparts, LLC
Clarksville, MD
July 2018
U.S. Department of Commerce
Wilbu r Ross , Secretary
National Institute of Standards and Technology
Walter G. Copan , Under Secretary of Commer ce fo r Standards and Technology and Director
NIST SPECIAL PUBLICATION 1800 -1A
Securing Electronic Health
Records on Mobile Devices
Volume A:
Executive Summary
Gavin O ’Brien
Nate Lesser
National Cybersecurity Center of Excellence
Information Technology Laboratory
Brett Pleasant
Sue Wang
Kangmin Zheng
The MITRE Corporation
McLean, VA
Colin Bowers
Kyle Kamke
Ramparts, LLC
Clarksville, MD
July 2018
This publication is available free of charge from:
https://doi.org/10.6028/NIST.SP .1800 -1
The first draft of this publication is available free of charge from:
https://www.nccoe.nist.gov/sites/default/files/library/sp1800/hit -ehr-nist-sp1800 -1-draft.pdf
NIST SP 1800 -1A: Securing Electronic Health Records on Mobile Devices 1
This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.1800 -1 Executive Summary
▪ Patient information in electronic health records (EHRs) needs to be protected so it is not
exploited to endanger patient health or c ompromise identity and privacy .
▪ If not protected, patient information collected, stored, processed, and transmitted on mobile
devices is especially vulnerable to attack .
▪ The National Cybersecurity Center of Excellence (NCCoE) developed an example solution to this
problem by using commercially available products.
▪ The example solution is des cribed in the “How -To” guide, which provides organizations with
detailed instructions to re-create it. The NCCoE’s approach secures patient information when
practitioners access it with mobile devices.
▪ Organizations can use some or all of the guide to help them implement relevant standards and
best practices contained in the National Institute of Standards and Technology (NIST)
Cybersecurity Framework and in the Health Insurance Portability and Accountability Act (HIPAA)
Security Rule. In areas where there are no standards, such as malware prevention and detection
or antivirus , our solution uses best practices.
CHALLENGE
Healthcare providers increasingly use mobile devices to store, process, and transmit patient
information. When health information is stolen , inappropriately made public, or altered, healthcare
organizations can face penalties and lose consumer trust, and patient care and safety may be
compromised. The NCCoE helps organizations implement safeguards to ensure the security of patient
information when doctors, nurses, and other caregivers use mobil e devices in conjunction with an EHR
system.
In our lab at the NCC
NIST.SP.1800-1 Securing Electronic Health Records on Mobile Devices
安全标准 >
NIST >
文档预览
中文文档
260 页
50 下载
1000 浏览
0 评论
0 收藏
3.0分
温馨提示:本文档共260页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 思安 于 2022-12-05 09:09:44上传分享