The Exchange of Health Care Information: Designing a Security Architecture to Protect Information Security and Privacy
Shirley M. Radack
This bulletin summarizes the information presented in NISTIR 7497, Security Architecture Design Process for Health Information Exchanges (HIEs). The publication describes a systematic approach to designing a technical security architecture for the exchange of health information by building on common government and commercial practices, and demonstrating how these practices can be applied to the development of HIEs. Written by Matthew Scholl and Kevin Stine of NIST and by Kenneth Lin and Daniel Steinberg of Booz Allen Hamilton, the publication helps organizations address data protection issues throughout the development life cycle of a health information system. The bulletin discusses the contents of the publication and explains HIE concepts and the security architecture and design process. Ongoing NIST activities to support the development of the standards, tests, and methodologies needed for electronic health records and HIEs are also summarized. References are provided to additional sources on exchange of health care information.
confidentiality, cyber security, electronic health records, health care information, health information technology, health information exchanges, information security, Health Insurance Portability and Accountability Act, privacy, reliability, risk assessments, security architecture, security controls, security controls, security plans, security requirements, security risks
The Exchange of Health Care Information: Designing a Security Architecture to Protect Information Security and Privacy, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD
(Accessed February 21, 2024)