Health IT

NIST cybersecurity center proposes best practices for mobile EHR security

The National Cybersecurity Center of Excellence, part of the U.S. Department of Commerce’s National Institute of Standards and Technology, is circulating a draft guidance on best practices for securing healthcare data on mobile devices.

 

 

The draft, entitled “Securing Electronic Health Records on Mobile Devices,” is the first in a planned series of guidances on improving cybersecurity across many industries with the help of standards-based technology, the three-year-old center announced.

NCCoE developed the draft by running a simulated primary care environment to test the interactions between users, an EHR system and mobile devices. The center then applied commercially available technologies to build tighter controls for mobile EHR security and privacy.

“Using the guide, your organization may choose to adopt the same approach. Commercial and open-source standards-based products, like the ones we used, are easily available and interoperable with commonly used information technology infrastructure and investments,” the document stated.

The draft guide maps security practices and characteristics to the HIPAA security rule and other standards, then details the technical requirements for addressing security issues before offering how-to advice for health IT professionals.

“This guide can help providers protect critical patient information without getting in the way of delivering quality care,” NCCoE Director Donna Dodson said in a prepared statement.

“We know from working with them that healthcare organizations want to protect their clients’ personal information and themselves from the high costs associated with breaches,” Dodson added. “This guide can be an important tool among the many they use to reduce risk.”

The NCCoE is taking public comments on the draft through Sept. 25 at this link, or by e-mail addressed to [email protected].

In health IT, NIST already is responsible for certifying the certification bodies in the context of Meaningful Use.

Photo: Flickr user mikecogh