NIST to test data exchange security
The National Cybersecurity Center of Excellence plans to test tools and technologies to support the secure exchange of electronic health information, especially for small healthcare providers.
To that end, the National Institute of Standards and Technology (NIST) seeks organizations to provide products and technical expertise to test security platforms for health information exchange that will make it easier for small providers to share patient data.
[See also: Top 5 security threats in healthcare.]
Participation is open to all interested organizations, not just those involved with health care, using electronic health records, or covered by the Health Insurance Portability and Accountability Act (HIPAA), according to a Jan. 14 announcement in the Federal Register.
This is the first step for the National Cybersecurity Center of Excellence in the Secure Exchange of Electronic Health Information project, for which NIST has not yet published a start date.
The demonstration project aims to come up with tools and methods to support the secure exchange of health information, a process which may be especially difficult for small providers who might lack the security infrastructure or expertise of larger healthcare organizations.
The effort will also explore challenges posed by the variety of devices that can be used in exchange, the range of healthcare data exchange standards, concerns about the lack of physical security controls or the ability to circumvent security features, and interaction with a variety of systems in terms of data synchronization and storage.
“Although a number of components are available to address some of these concerns in some healthcare environments, security platforms that are composed of available capabilities in a secure, usable and affordable manner to provide comprehensive solutions are needed for the very large number of small healthcare providers,” NIST said in its notice.
The National Cybersecurity Center of Excellence is a public/private collaboration with the State of Maryland and Montgomery County, Md., and NIST to drive widespread adoption of integrated cybersecurity tools and technologies to protect IT assets and information to enhance public trust, lower risk for those using IT systems, and encourage development of innovative products and services.