If you have been searching for any set of official guidelines for mobile device security or best practices on keeping medical information safe, there is finally some serious movement on that front – a standards reference book with reams of valuable insight on the subject.
The National Institute of Standards and Technology, the authority charged with developing technical standards, has unveiled its long-awaited mobile security guide, specifically written for safeguarding medical information.
The reference book, presently in draft form, is awaiting public comment. It offers health care organizations insight on how to bolster health cybersecurity via open-source or business tools.
"Securing Electronic Records on Mobile Devices," National Institute of Standards and Technology officials explain, provides health IT professionals with “detailed design so that they can copy or recreate with completely different but similar technologies, the security characteristics of the guide.” The guide additionally outlines NIST standards, best practices and other regulations to adhere to, like HIPAA.
Among the myriad reasons for compiling such a guide, NIST officials point to a 2012 Health and Human Services round-table conference on mobile devices, where participants underscored that “many health care providers are using mobile devices in health care delivery before they have acceptable privacy and security protections in place.”
In fact, more than 90% of health care providers are presently using mobile devices within their organizations.
“We know from working with them that healthcare organizations want to protect their clients’ personal information and themselves from the high costs associated with breaches,” said Donna Dodson, director of NIST’s National Cybersecurity Center of Excellence, in a statement. “This guide can be an important tool among the many they use to reduce risk.”
The 82-page how-to guide includes BIND DNS and DNSE installation and hardening tips, with step-by-step directions and requirements, along with access point advice and iptables and firewall how-tos. The guide additionally details system best practices and configuration management guidelines, as well as Puppet and the production web server. It also covers intrusion detection systems, certification authority, host and mobile device security, and MDM enrollment, and has an entire section on governance, risk and compliance.
NIST officials describe the new guidelines as including a “virtual environment that simulates interaction among mobile devices and an electronic health record system supported by the IT infrastructure of a medical organization.”
In addition to the how-to reference book, the new NIST guidelines include a 16-page manual on mobile device standards and controls, specifically written for the health care industry. For every related technology, there’s a corresponding table of applicable standards and links to the standards.
The final part of the guideline delineates risk assessment and outcomes, based on the business workflow of a typical EHR user.