Securing Electronic Health Records on Mobile Devices
Guidance from the National Institute of Standards and Technology (NIST) Special Publication: 1800-1
Summary from the NCCoE website:
"Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to store, access, and transmit electronic healthcare records is outpacing the privacy and security protections on those devices.
Cybersecurity experts at the NCCoE collaborated with healthcare industry and technology vendors to develop an example solution to show healthcare providers how they can secure electronic health records on mobile devices. The example solution is packaged as a “How To” guide, providing organizations with the detailed instructions to recreate our example. Specifically, we show how security engineers and IT professionals, using commercially available and open source tools and technologies that are consistent with cybersecurity standards, can help healthcare organizations that use mobile devices more securely share electronic health records.
Organizations can use some or all of the guide to help them implement healthcare industry standards and best practices, as well as those in the NIST Framework for Improving Critical Infrastructure Cybersecurity. Commercial and open-source standards-based products, like the ones we used, are easily available and interoperable with commonly used information technology infrastructure and investments."