Securing Electronic Health Records on Mobile Devices NIST SP 1800-1 Draft: Approach, Architecture, and Security Characteristics
暫譯: 在行動裝置上保護電子健康紀錄 NIST SP 1800-1 草案：方法、架構與安全特性

Date Draft Released by NIST: July 2015 Health care providers increasingly use mobile devices to receive, store, process, and transmit patient clinical information. According to our own risk analysis, discussed here, and in the experience of many health care providers, mobile devices can present vulnerabilities in a health care organization’s networks. At the 2012 Health and Human Services Mobile Devices Roundtable, participants stressed that mobile devices are being used by many providers for health care delivery before they have implemented safeguards for privacy and security. This NIST Cybersecurity Practice Guide provides a modular, open, end-to-end reference design that can be tailored and implemented by health care organizations of varying sizes and information technology sophistication. Specifically, the guide shows how health care providers, using open source and commercially available tools and technologies that are consistent with cybersecurity standards, can more securely share patient information among caregivers using mobile devices. The scenario considered is that of a hypothetical primary care physician using her mobile device to perform reoccurring activities such as sending a referral (e.g., clinical information) to another physician, or sending an electronic prescription to a pharmacy. Instead, it presents the characteristics and capabilities that an organization’s security experts can use to identify similar standards-based products that can be integrated quickly and cost-effectively with a health care provider’s existing tools and infrastructure.

This public domain material was printed by 4th Watch Cyber Books. 4th Watch is not affiliated with the National Institute of Standards. 4th Watch books use high-quality 8 ½ by 11 inch paper, and are tightly bound. Most are printed in full color, that’s why they cost so much.

For more NIST titles, visit: cybah webplus net Partial list below:


NIST SP 800-12 Rev 1 An Introduction to Information Security

NIST SP 800-18 Developing Security Plans for Federal Information Systems

NIST SP 800-30 Guide for Conducting Risk Assessments

NIST SP 800-32 Public Key Technology and the Federal PKI Infrastructure

NIST SP 800-34 Contingency Planning Guide for Federal Information Systems

NIST SP 800-37 Applying Risk Management Framework to Federal Information

NIST SP 800-39 Managing Information Security Risk

NIST SP 800-53 Rev 4 Security and Privacy Controls for Federal Information Systems and Organizations

NIST SP 800-53A R4 Assessing Security and Privacy Controls

NIST SP 800-57 Recommendation for Key Management

NIST SP 800-61 Computer Security Incident Handling Guide

NIST SP 800-82r2 Guide to Industrial Control Systems (ICS) Security

NIST SP 800-95 Guide to Secure Web Services

NIST SP 800-121 Guide to Bluetooth Security

NIST SP 800-137 Information Security Continuous Monitoring (ISCM)

NIST SP 800-160 Systems Security Engineering

NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems

NIST SP 800-177 Trustworthy Email

NIST SP 800-184 Guide for Cybersecurity Event Recovery

NIST SP 800-190 Application Container Security Guide

NIST SP 800-193 Platform Firmware Resiliency Guidelines

NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices

NIST SP 1800-2 Identity and Access Management for Electric Utilities

NIST SP 1800-5 IT Asset Management: Financial Services

NIST SP 1800-6 Domain Name Systems-Based Electronic Mail Security

NIST SP 1800-7 Situational Awareness for Electric Utilities

NIST SP 1800-8: Securing Wireless Infusion Pumps

NISTIR 8011 Automation Support for Security Control Assessments