By Erin Dietsche, MedCity News | August 6, 2018
The new report from the National Institute of Standards and Technology outlines how organizations can use open-source and commercially available tools to keep patient information safe on mobile devices.
The National Institute of Standards and Technology has issued a new report on securing mobile devices connected to electronic health records.
The 260-page guidance outlines not only the challenge associated with these situations but also approaches to potential solutions.
“Healthcare providers increasingly use mobile devices to store, process and transmit patient information,” the report reads. “When health information is stolen, inappropriately made public or altered, healthcare organizations can face penalties and lose consumer trust, and patient care and safety may be compromised.”
NIST set out to further study this issue. Thus, in the lab of the National Cybersecurity Center of Excellence, which is part of NIST, the organization created a simulation of how mobile devices and an EHR system interact. In the replication, the EHR is set to be located in a mid-size to large medical organization and accessed by a provider from a small organization.
NIST explored organizations that provide wireless connections for mobile devices, entities with outsourced support for system access and organizations that give access via an external access point.
In the scenario, the physician used a mobile device to perform activities like sending a referral to another doctor or sending an electronic prescription to a pharmacy.
The simulation relied on a certain group of products, but the guide doesn’t necessarily endorse said products.
Instead, it simply suggests specific capabilities of products that an organization can integrate into its existing infrastructure. Ideally, a health system should use open-source and commercially available tools to ensure patient information is secure when caregivers use mobile devices to share data amongst themselves.
Additionally, the NIST guidelines also point to the importance of risk assessment.
“We recommend that organizations implement a continuous risk management process as a starting point for adopting this or other approaches that will increase the security of EHRs,” the document reads.
Via email, a health IT expert weighed in on the latest from NIST.
“Leveraging mobile technology to increase quality of care and relieve pressures on providers is a cornerstone of the modern digital hospital,” Cleveland Clinic chief information security officer Vugar Zeynalov said. “This guidance is a practical foundation to opening up new possibilities for caregivers while maintaining our obligation to patient safety and privacy.”