Mobile Security: Help Is on the WayJoy Pritts Outlines HHS's Plans for Guidance
The Department of Health and Human Services plans to offer videos, tip sheets and other guidance on security for mobile devices by the end of this year.
Joy Pritts, chief privacy officer at HHS's Office of the National Coordinator for Health IT, shared with HealthcareInfoSecurity this week more details about the recently announced project (see: Mobile Security Best Practices Sought). Pritts is taking a lead role in the effort, which also involves the HHS Office for Civil Rights.
"Given the rapid adoption of mobile devices against the backdrop of the breach incidents reported, there's been a growing concern about the use of these devices because of their vulnerability," Pritts says. "The mobile device privacy and security good practices project is one of the ways we hope to address these concerns."
To improve awareness and understanding about how to better secure and protect health information while using mobile devices, including laptops, tablets and smart phones, ONC will produce a variety of materials this year, Pritts says. "The good practices materials will be communicated in plain, practical and easy-to-understand language through different media formats, such as videos and quick tip sheets that will be available on HealthIT.gov," she says.
To help identify best practices, organizers will hold a public roundtable event this spring, offer a public comment period on mobile security, and conduct outreach through ONC's Regional Extension Centers, which are coaching new adopters of electronic health records, Pritts says.
The mobile device roundtable, to be held in Washington this spring, will be accessible online and will offer an opportunity for public comment. The purpose of the event, Pritts says, is to "gather input from providers, industry and security experts on relevant industry privacy and security practices for mobile devices with the goal of gathering the uses as well as current and emerging privacy and security best practices."
The event will feature a legal/regulatory panel, which will describe the current security landscape; a technology panel, which will discuss good practices in place and emerging practices and security features; and a provider user panel, which will discuss how use of mobile devices.
Details about signing up for the panel will be available within about three weeks, Pritts says.
The project will build on a document known as HHS HIPAA Security Rule - Remote Use Guidance that was issued in 2006.
More information about HHS's mobile health initiatives is available on an HHS website.