eDiscovery Daily Blog
NIST Issues Draft Guide for “Securing Electronic Health Records on Mobile Devices”: eDiscovery Trends
As we’ve discussed previously, stolen health records are worth a lot in the black market and that was underscored when health insurance provider Anthem announced in early February that it had suffered what appears to be the largest breach ever in the health insurance industry, affecting about 80 million people. Now, the National Institute of Standards and Technology (NIST) has released a draft guide that might help, at least with regard to securing electronic health record on mobile devices.
On July 23, the National Cybersecurity Center of Excellence (NCCoE), a division of NIST, released a draft of its first cybersecurity practice guide – Special Publication 1800-1: “Securing Electronic Health Records on Mobile Devices”, designed for health IT professionals to use to bolster security for the use of mobile devices in the health care industry. As discussed in the press release issued by NIST, “Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to store, access and transmit electronic health care records is outpacing the privacy and security protections on those devices.”
The draft guide was developed by industry and academic cybersecurity experts, with the input of health care providers who first identified the challenge. The center then invited technology providers with relevant commercial products to partner with NIST through cooperative research and development agreements and collected public feedback at multiple steps along the way.
The draft guide is comprised of five sections, as follows:
- SP 1800-1a: Executive Summary
- SP 1800-1b: Approach, Architecture, and Security Characteristics
- SP 1800-1c: How-To Guide
- SP 1800-1d: Standards and Controls Mapping
- SP 1800-1e: Risk Assessment and Outcomes
Each section is downloadable separately as a PDF, or you can download a .zip file of all volumes (4.82 MB), plus manifest and template files referred to in SP 1800-1c, from this page.
The comment period will run through September 25. You can submit comments on the guide through the form on this page or download the spreadsheet template from that page to collect feedback and email the worksheet to HIT_NCCoE@nist.gov.
As I discussed on Monday, potential data breaches can still happen the old fashioned way, via stolen mobile devices. I was glad my laptop was encrypted when it was stolen last year. Hopefully, this new guide from NIST can help medical professionals to secure their mobile devices and protect against data breaches on those devices.
So, what do you think? Do you think this new guide will reduce the number of data breaches within the medical profession? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
CloudNine empowers legal, information technology, and business professionals with eDiscovery automation software and professional services that simplify litigation, investigations, and audits for law firms and corporations.