Standard Name
NIST Cybersecurity Practice Guide SP 1800-1, Securing Electronic Health Records on Mobile Devices (Draft)
Industry Standard
NIST
Publication Number
SP 1800-1
Standard Date
7/28/2015
Standard Link
https://nccoe.nist.gov/projects/use_cases/health_it/ehr_on_mobile_devices
Securezoo Overview
The National Institute of Standards and Technology (NIST) has released a draft of NIST Cybersecurity Practice Guide SP 1800-1, Securing Electronic Health Records on Mobile Devices.

The new publication is made up of 5 parts: 
  • Draft SP 1800-1a: Executive Summary 
  • Draft SP 1800-1b: Approach, Architecture and Security Characteristics (for CIOs, CISOs, and Security Managers) 
  • Draft SP 1800-1c: How-To Guides (for Security Engineers) 
  • Draft SP 1800-1d: Standards and Controls Mapping 
  • Draft SP 1800-1e: Risk Assessment and Outcomes  
Excerpt:

"The use of mobile devices in health care sometimes outpaces the privacy and security protections on those devices. Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment, or incorrect prescriptions. 
 
Cybersecurity experts at the National Cybersecurity Center of Excellence (NCCoE) collaborated with health care industry leaders and technology vendors to develop an example solution to show health care organizations how they can secure electronic health records on mobile devices. The guide provides IT implementers and security engineers with a detailed architecture so that they can recreate the security characteristics of the example solution with the same or similar technologies. Our solution is guided by relevant standards and best practices from NIST and others, including those in the Health Insurance Portability and Accountability Act (HIPAA) Security Rule."

 

Topics
Mobile Device Security