Editor’s Note: An advance copy of the complete NIST Federal Register notice is attached here.
From: NIST/Federal Register
SUMMARY: The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for exchange of electronic health care information by healthcare providers. This notice is the initial step for the National Cybersecurity Center of Excellence (NCCoE) in the Secure Exchange of Electronic Health Information project. Participation in the project is open to all interested organizations.
DATES: Interested parties must contact NIST to request a certification letter. Completed and signed certification letters must be received by NIST by 5:00 PM Eastern time on [PLEASE INSERT DATE 45 DAYS AFTER PUBLICATION IN THE FEDERAL REGISTER.].
Project Objective: Healthcare providers increasingly need to securely exchange electronic health information with each other. The confidentiality, integrity, and availability of this information must be protected. Secure exchange of electronic health information is often particularly challenging for small healthcare providers, who may lack the security infrastructure or expertise that larger healthcare providers possess. Other challenges with secure electronic health information exchange include the variety of client devices (desktops, laptops, and mobile devices) and the range of healthcare data exchange standards.
Major security concerns for secure electronic health information exchange include, but are not limited to, the following categories:
• Lack of physical security controls (e.g., increased risk of loss or theft for mobile devices, public proximity to client devices)
• Use of untrusted client devices (lack of security features or circumvention of those features)
• Use of untrusted networks (e.g., broadband, WiFi, WiMAX, cellular networks)
• Interaction with other systems in terms of data synchronization and storage
Although a number of components are available to address some of these concerns in some healthcare environments, security platforms that are composed of available capabilities in a secure, usable, and affordable manner to provide comprehensive solutions are needed for the very large number of small healthcare providers. The goal for this project is to provide a security platform to enable small healthcare providers to exchange electronic health information in support of the U.S. federal government and the health IT community.
Leave a Reply