Electronic Health Records on Mobile Devices

Download the Practice Guide

The NCCoE has released the draft version of NIST Cybersecurity Practice Guide SP 1800-1, Electronic Health Records on Mobile Devices.

Summary

Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to store, access, and transmit electronic health care records is outpacing the privacy and security protections on those devices.

Cybersecurity experts at the NCCoE collaborated with the health care industry and technology vendors to develop an example solution that shows health care providers how they can secure electronic health records on mobile devices. The example solution is packaged as a “How To” guide, providing organizations with the detailed instructions to recreate our example. Specifically, we show how security engineers and IT professionals, using commercially available and open-source tools and technologies that are consistent with cybersecurity standards, can help health care organizations that use mobile devices share electronic health records more securely.

Organizations can use some or all of the guide to help them implement health care industry standards and best practices, as well as those in the NIST Framework for Improving Critical Infrastructure Cybersecurity. Commercial and open-source standards-based products, like the ones we used, are easily available and interoperable with commonly used information technology infrastructure and investments.

While we have used a suite of commercial products to address this challenge, the guide does not endorse these particular products. Your organization’s security experts should identify the standards-based products that will best integrate with your existing tools and IT system infrastructure. Your organization can adopt this solution or one that adheres to these guidelines in whole, or you can use the guide as a starting point for tailoring and implementing parts of a solution that best meets your mission needs.

Read our two-page fact sheet or the press release from NIST. For archival purposes, you may download the Project Description.

Collaborating Vendors

Cisco
Intel
MaaS360 by Fiberlink
MedTech Enginuity
Ramparts Security
RSA
Symantec

The technology vendors who participated in this project submitted their capabilities in response to a call in the Federal Register. Companies with relevant products were invited to sign a Cooperative Research and Development Agreement with NIST, allowing them to participate in a consortium to build this example solution.

Disclaimer: Certain commercial entities, equipment, products, or materials may be identified in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.