NIST and NCCoE Offer Guidance on Mobile Device Security in Health Care
In recognition of the vulnerability of mobile devices and the daily use of those devices in health care, the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) released a practice guide earlier this month entitled Securing Electronic Health Records on Mobile Devices (NIST Special Publication 1800-1). NIST and NCCoE specifically examined physician use of a mobile device (i.e. smart phone or tablet) to send a referral or an electronic prescription. Using open-source tools and commercially available technologies, NIST and NCCoE offer technical guidance on how to ensure that such mobile device use complies with the HIPAA Security Rule and is in line with NIST best practices. The 260-page practice guide has something for everyone ‒ high-level summaries for business leaders and technical guidance for information security and technology teams.