NIST Releases Guide on Securing Health Records on Mobile Devices

By: Arieanna Schweber | 8/21/2015

The National Cybersecurity Center of Excellence (NCCoE) at the U.S. National Institute of Standards and Technology (NIST) just released a draft of its first cybersecurity practice guide, “Securing Electronic Health Records on Mobile Devices.” The document serves as a “how-to guide,” offering a solution for securing protected health information (PHI) that is consistent with cybersecurity standards and best practices.

The value of PHI to cybercriminals just keeps going up, meaning that cybercriminals are out to exploit any weakness they can find. Forrester estimates that 78% of data breaches in the healthcare sector are due to lost or stolen devices. The NIST Guide examined the top security risks to electronic health records on mobile devices, listing weak passwords, network sniffing and stolen mobile devices as the top 3 risks.

The new NIST Guide, while offering some solutions, acknowledges that it should serve as a starting point for tailoring and implementing solutions that best meet the needs of the organization in question.

Topics covered in the Guide include:

  • The Approach, Architecture, and Security Characteristics for securing electronic health records on mobile devices, which includes a good section on risk assessment for mobile devices covering lost or stolen devices, user actions that put data at risk (leaving logged-on devices exposed, malware and use of insecure WiFi networks), and base security such as access control, data retention and recovery
  • A detailed How-To Guide covering areas including network infrastructure, intrusion detection, identity and access control and more
  • Standards and Control Mapping for securing electronic health records
  • Risk Assessments and Outcomes for securing electronic health records

Absolute gives you the confidence to enable mobility so your organization can deliver the highest levels of patient care while protecting and securing patient information. Absolute is a critical part of an effective layered security model, providing lifecycle security, risk assessment and risk response to help organizations prevent costly data breaches. Our unique Persistence technology allows for a reliable two-way connection in Absolute DDS for Healthcare, which can help you identify potential security threats and respond rapidly before they become damaging security incidents. Learn more about Absolute's security solutions for healthcare here.

To learn more about how to be proactive in healthcare security, moving beyond best practices to ensure data security, we encourage you to visit our website or read our whitepaper, The Cost of a Data Breach: Healthcare Settlements Involving Lost or Stolen Devices, or our recent whitepaper, Best Practices for Healthcare Data Breach Prevention.