Draft Security Architecture Design Process for Health Information Exchanges (HIEs) [open pdf - 625KB]
"Protecting electronic patient health information is crucial to the deployment of a Health Information Exchange (HIE). As noted in the Summary of the National Health Information Network Report from the Office of the National Coordinator, 'An important core competency of the HIE is to maintain a trusting and supportive relationship with the organizations that provide data to, and retrieve data from, one another through the HIE. The trust requirement is met through a combination of legal agreements, advocacy and technology for ensuring meaningful information interchange in a way that has appropriate protections.' The purpose of this publication is to provide a systematic approach to designing a technical security architecture for the exchange of health information that leverages common government and commercial practices and that applies them specifically to the HIE domain. This publication assists organizations in ensuring that data protection is adequately addressed throughout the system development life cycle, and that these data protection mechanisms are applied when the organization develops technologies that enable the exchange of health information."
National Institute of Standards and Technology: http://www.nist.gov/