TRENDING:

NIST Offers HIE Security Guidance

Report Outlines an Architecture for Health Information Exchanges Howard Anderson (ismg_editor) • October 27, 2010    
NIST Offers HIE Security Guidance
As hundreds of health information exchanges across the country ramp up their efforts to ease the sharing of electronic health records, a government agency has prepared a detailed report on how to create an HIE security architecture.

The National Institute of Standards and Technology within the Department of Commerce published the report, "Security Architecture Design Process for Health Information Exchanges." The purpose of the document, NIST says, is to "provide a systematic approach to designing a technical security architecture for the exchange of health information that leverages common government and commercial practices and that demonstrates how these practices can be applied to the development of HIEs."

The 50-page NIST document presents a five-layered architecture design process to implement security and maintain privacy. The five layers are:

  • Capstone policies, which incorporate all requirements and guidance for protecting health information;
  • Enabling services required to implement the capstone policies, derived from common industry practices and customized to address HIEs' requirements;
  • Enabling processes, or scenarios for implementing services;
  • Notional architecture, which provides a blueprint to drive the selection of technical solutions and data standards;
  • Technology solutions and standards.

Emerging HIEs

Earlier this year, the e-Health Initiative estimated there were 73 operational HIEs in the U.S. and another 234 that are in the works. A survey by the organization found that only 18 percent of health information exchanges have a policy requiring patients to "opt-in" and give formal consent before any of their records are shared via the networks.

The HITECH Act, best known for providing Medicare and Medicaid financial incentives to hospitals and physicians for using electronic health records, also provided grants to states to support development of statewide HIEs.

Federal advisory groups are working on recommendations aimed at ensuring that EHRs transmitted over health information exchanges remain private.

Previous
Top Schools for Information Assurance
Next
Homeless Used in Medicare Fraud Scheme

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Generative AI: Embrace It, But Put Up Guardrails
Generative AI: Embrace It, But Put Up Guardrails
Why Entities Should Review Their Online Tracker Use ASAP
Why Entities Should Review Their Online Tracker Use ASAP
Inside Look: FDA's Cyber Review Process for Medical Devices
Inside Look: FDA's Cyber Review Process for Medical Devices
Threat Modeling Essentials for Generative AI in Healthcare
Threat Modeling Essentials for Generative AI in Healthcare
Addressing Security Gaps and Risks Post-M&A in Healthcare
Addressing Security Gaps and Risks Post-M&A in Healthcare
The State of Security Leadership
The State of Security Leadership
Critical Considerations for Generative AI Use in Healthcare
Critical Considerations for Generative AI Use in Healthcare
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why Connected Devices Are Such a Risk to Outpatient Care
Why Connected Devices Are Such a Risk to Outpatient Care
Zero Trust, Auditability and Identity Governance
Zero Trust, Auditability and Identity Governance

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.