Cybersecurity Center Project to Secure Health Information
From NIST Tech Beat: February 6, 2013
Contact: Jennifer Huergo
The National Institute of Standards and Technology (NIST) invites organizations to participate in a National Cybersecurity Center of Excellence (NCCoE) effort to integrate commercially available security technologies with health information systems. The goal is to develop security demonstrations that health care providers can use to protect patient information. The Secure Exchange of Electronic Health Information Demonstration Project was recently announced in a Federal Register notice.
Healthcare providers can deliver better care for patients by offering the capability to record and share information electronically. However, to realize the potential benefits of these capabilities, providers must ensure the security and privacy of health information. The variety of devices and platforms used today present many challenges such as a lack of security controls (for example, preventing a security breach or data loss from a stolen mobile device), the use of untrusted client devices and networks, and problems that may occur when different systems interact.
"Many technologies exist to better protect electronic patient information," says NCCoE Deputy Director Nate Lesser. "Integrating these technologies in a usable, interoperable, secure and cost-effective way will help to enhance information protection and increase technology adoption."
Project participants will provide technical expertise and products to support and demonstrate security platforms. Concepts that will be explored include authentication and authorization mechanisms, secure electronic health information workload platforms, components for secure data transfer/communications, storage and retrieval and mobile trusted client endpoint devices.
"We're especially interested in security solutions that will be affordable and deployable by small health care providers," Lesser says. "They often face the additional challenges of limited budgets, security infrastructure and expertise. We're interested in working with industry to demonstrate security solutions that will provide secure options for anyone exchanging electronic health information."
To participate in the project, send a request for a certification letter to Karen Waltermire at NCCoE@nist.gov (she can also be reached at 240-314-6800). The certification letter must be returned by 5 p.m. Eastern time on March 1, 2013.
Vendors' intellectual property will be protected under the terms of their agreements with NIST. The NCCoE will publish the complete specifications of solutions developed in its lab, including: the model, part and version number of any product used in the build; any code, script or configuration file used to integrate various technologies; user guides and FAQs to aid in the deployment of the build; and any test data generated over the course of the project.
The NCCoE was announced in February 2012. It brings together researchers and experts from academia, industry and government to create solutions for specific cybersecurity challenges. The Secure Exchange of Electronic Health Information Demonstration Project is expected to run for 1-2 years and tackle a variety of issues related to securing health information. For more information on the NCCoE and its projects, visit http://csrc.nist.gov/nccoe/.