Securing Data on Mobile Devices

The National Cybersecurity Center of Excellence (NCCoE) http://nccoe.nist.gov established by Commerce’s National Institute of Standards and Technology (NIST) www.nist.gov, has just released a draft guide now available for public comment.

The draft guide “Securing EHRs on Mobile Devices” provides IT implementers and security engineers with a detailed architecture so that they can copy or recreate different but similar technologies.

Maps to standards and best practices from NIST are included in the guide that takes into account the need for different types of implementation for different circumstances such as when cybersecurity is handled in-house or is outsourced.

The goal is to improve cybersecurity using standards-based, commercially available, or open source tools. Since 2012, NCCoE has been building partnerships with industry and academia to identify cybersecurity challenges and working on solutions in industries such as healthcare.

Industry and academic cybersecurity experts developed the draft guide with the input of healthcare providers who first identified the challenge. NCCoE then invited technology providers with relevant commercial products to partner with NIST through cooperative research, to develop agreements, and collect public feedback at multiple steps along the way.

Then NCCoE built a virtual environment to simulate interaction among mobile devices and EHRs supported by the IT infrastructure within a medical organization. They developed a scenario where primary care physicians would use their mobile device to perform recurring activities.

These activities included sending a referral containing clinical information to another physician or sending an e-prescription to a pharmacy. The next step was to use commercially available technologies to build a solution to improve privacy and security protections.

Now, NCCoE is requesting comments on the first draft guide recently released by September 25, 2015.

Go to http://nccoe.nist.gov/projects/use_cases/health_it/ehr_on_mobile_devices to view the five parts of the draft document. A web form and a template for comments is available.