The National Cybersecurity Center of Excellence (NCCoE), a division of the National Institute of Standards and Technology (NIST), has penned a five-part draft guidance on cybersecurity for mobile devices that connect to electronic health records. The guidance includes a step-by-step how-to guide for improving data security that uses commercially available and open-source tools and technologies, as well as sections on standards and control mapping and risk assessment.
“The NCCoE was established specifically to help organizations solve real-world challenges, and this was one of particular concern to the health care community,” NCCoE Director Donna Dodson said in a statement. “This guide can help providers protect critical patient information without getting in the way of delivering quality care.”
The guidance reflects the tightrope that hospitals have to walk in implementing mobile EHR access. Protecting patient data is important, but the interface can’t require too much of doctors or it won’t be adopted — doctors already complain that EHRs aren’t easy to use and don’t fit into their workflow. So, for instance, NCCoE proposes a five-step login process to mobile EHR tools, but only the first and last steps require the user to enter a password: logging into the mobile device and logging into the EHR. The rest of the authentication happens automatically using certificates and media access controls.