Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Architecture Design Process for Health Information Exchanges (HIEs)



Matthew A. Scholl, Kevin M. Stine, Kenneth Lin, Daniel Steinberg


The purpose of this publication is to provide a systematic approach to designing a technical security architecture for the exchange of health information that leverages common government and commercial practices and that demonstrates how these practices can be applied to the development of HIEs. This publication assists organizations in ensuring that data protection is adequately addressed throughout the system development life cycle, and that these data protection mechanisms are applied when the organization develops technologies that enable the exchange of health information.
NIST Interagency/Internal Report (NISTIR) - 7497
Report Number


Health Information Exchange, health IT, HIE, information security


Scholl, M. , Stine, K. , Lin, K. and Steinberg, D. (2010), Security Architecture Design Process for Health Information Exchanges (HIEs), NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 24, 2024)
Created September 30, 2010, Updated November 10, 2018