Detailed guide available to help providers ward off data breaches
A new, federally funded guide, the first in a planned series, is available to help healthcare providers and other organizations seeking to beef up cybersecurity.
It’s also open to suggestions for improvements.
Produced by the National Cybersecurity Center of Excellence (NCCoE), an arm of the Commerce Department’s non-regulatory National Institute of Standards and Technology (NIST), the step-by-step guide draws on input from industry experts and academic researchers.
It applies standards-based tools—some commercially available, others open-source—to steer providers toward tapping into the latest and greatest in mobile technology while better protecting patient information.
NIST has posted the guide in draft form and is inviting comments.
According to a NIST news release, the guide is the fruit of a simulation project observing and recording interactions among mobile devices and an EHR as supported by the IT infrastructure of a medical organization.
The NCCoE-led team behind the project worked up a scenario in which a hypothetical primary care physician uses a mobile device to, for example, send a referral containing clinical information to another physician or an electronic prescription to a pharmacy.
The creators of the guide looked for vulnerabilities, applied the insights they gleaned and “built a solution to improve privacy and security protections.”
“We know from working with them that healthcare organizations want to protect their clients’ personal information and themselves from the high costs associated with breaches,” said NCCoE Director Donna Dodson. “This guide can be an important tool among the many they use to reduce risk.”
Many providers may welcome the help. Data breaches of all sorts have become commonplace across industries and government entities, and healthcare continues to be a prime target.
In fact, the latest report from the nonprofit Identity Theft Resource Center shows that, in the first half of this year alone, there were 708 total breaches in the U.S., and some 304—42.2 percent, the largest slice—happened in the medical/healthcare sector.
To access the series-starting, five-part NIST draft document, along with a template for comments, click here.