ABSTRACT

Securing Electronic Health Records on Mobile Devices   [open pdf - 12MB]

"Healthcare providers increasingly use mobile devices to store, process, and transmit patient information. When health information is stolen, inappropriately made public, or altered, healthcare organizations can face penalties and lose consumer trust, and patient care and safety may be compromised. The NCCoE [National Cybersecurity Center of Excellence ] helps organizations implement safeguards to ensure the security of patient information when doctors, nurses, and other caregivers use mobile devices in conjunction with an EHR [electronic health records] system. In our lab at the NCCoE at NIST [National Institute of Standards and Technology], we built an environment that simulates interaction among mobile devices and an EHR system that is supported by the information technology (IT) infrastructure of a medical organization. We considered a scenario in which a hypothetical primary care physician uses her mobile device to perform recurring activities such as sending a referral containing a patient's clinical information to another physician, or sending an electronic prescription to a pharmacy. At least one mobile device is used in every transaction, each of which interacts with an EHR system. When a physician uses a mobile device to add patient information into an EHR, the EHR system enables another physician to access the information through a mobile device as well. This guide does not address patients accessing their own data. In general, EHR systems are accessed by healthcare professionals only. Patients typically access their data via a patient portal, in which data is derived from the EHR system."

Report Number:
NIST SPECIAL PUBLICATION 1800-1
Author:
Publisher:
Date:
2018-07
Copyright:
Public Domain
Retrieved From:
National Institute of Standards and Technology: https://www.nist.gov/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations