The Exchange of Health Care Information: Designing a Security Architecture to Protect Information Security and Privacy



Shirley M. Radack


This bulletin summarizes the information presented in NISTIR 7497, Security Architecture Design Process for Health Information Exchanges (HIEs). The publication describes a systematic approach to designing a technical security architecture for the exchange of health information by building on common government and commercial practices, and demonstrating how these practices can be applied to the development of HIEs. Written by Matthew Scholl and Kevin Stine of NIST and by Kenneth Lin and Daniel Steinberg of Booz Allen Hamilton, the publication helps organizations address data protection issues throughout the development life cycle of a health information system. The bulletin discusses the contents of the publication and explains HIE concepts and the security architecture and design process. Ongoing NIST activities to support the development of the standards, tests, and methodologies needed for electronic health records and HIEs are also summarized. References are provided to additional sources on exchange of health care information.
ITL Bulletin -


confidentiality, cyber security, electronic health records, health care information, health information technology, health information exchanges, information security, Health Insurance Portability and Accountability Act, privacy, reliability, risk assessments, security architecture, security controls, security plans, security requirements, security risks


Radack, S. (2010), The Exchange of Health Care Information: Designing a Security Architecture to Protect Information Security and Privacy, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD (Accessed July 16, 2024)


Created November 23, 2010, Updated January 27, 2020