
NCCoE Cybersecurity Practice Guide for Mobile Devices Released: Comments Requested


The use of Smartphones and other portable devices in healthcare is growing and the federal government is concerned. The devices carry a high risk of causing a data breach, and the feds are concerned that physicians and other healthcare workers may accidentally expose patient data, or worse still, give hackers an entry point into hospital EHRs.

Medical identity theft costs billions of dollars every year, and patients’ privacy is being violated on an almost daily basis. Hackers are targeting healthcare organizations, thieves are looking for portable devices to steal, and malicious insiders are copying data from EHRs; however, Smartphones have the potential to cause even more data breaches. The reason? The data security and privacy protections used to safeguard data stored on the devices are often inadequate.


NCCoE Takes Steps to Protect Mobile Healthcare Devices

 

The National Cybersecurity Center of Excellence (NCCoE) was formed by the National Institute of Standards and Technology (NIST), the state of Maryland, and Montgomery County, Md., in 2012, and during the past three years it has been gathering data to help it identify the common cybersecurity challenges faced by U.S. industries.

According to NCCoE Director Donna Dodson, “The NCCoE was established specifically to help organizations solve real-world challenges, and this was one of particular concern to the health care community.” She went on to say, “This guide can help providers protect critical patient information without getting in the way of delivering quality care.”


New Cybersecurity Guidelines for Mobile Devices Released

 

To prevent Smartphones and other portable electronic storage devices from causing data breaches, the NCCoE, under the guidance of NIST, has developed a new set of cybersecurity guidelines to help HIPAA-covered entities secure Smartphones and other mobile devices.

The NCCoE consulted with healthcare and security professionals as well as technology vendors to determine the best methods for protecting the devices, and the research has now been compiled into a guide to cybersecurity that healthcare providers can use to better protect patient data. The guidelines also incorporate the rules laid down in the Health Insurance Portability and Accountability Act (HIPAA) to keep data secure.

The guide, “Securing Electronic Health Records on Mobile Devices,” contains step-by-step information on how to secure data, along with a number of best practices to adopt. The guide incorporates the NIST Framework for Improving Critical Infrastructure Cybersecurity and lists a number of standards-based, commercially available, or open-source tools.

The guide does not suggest that all products be used, and neither does it endorse any of the products mentioned in the guide. It just offers a number of possible solutions and leaves it to each organization to determine the best methods to use to match its existing IT infrastructure. The guidelines can be used as a starting point to develop policies and procedures to secure devices and data, or as a step-by-step guide to improve mobile device security.


Comments Invited on Draft Securing Electronic Records on Mobile Devices Guide

 

NIST recently issued a press release announcing the release of the guide, and has invited comments on securing electronic records on mobile devices. The guide has been broken down into sections – Executive Summary; Approach, Architecture, How to Guide, Standards and Controls Mapping; and Risk Assessment and Outcomes – which can be downloaded separately for ease of use.

Healthcare providers and other organizations have until September 25, 2015 to download the guide and submit comments. The final guide is expected to be released later in the fall.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.
