Those organizations keeping an eye on the National Institute of Standards and Technology (NIST) developments toward strong security platforms for healthcare organizations exchanging health data have until Feb. 21 to request a certification letter to take part in the project.
Potential participants include private- and public-sector organizations, including technology vendors, integrators, healthcare providers and academia. In addition to the chance to comment, according to the Federal Register, participants will have to detail the security platform components or capabilities it is offering:
- Electronic health information entry and display devices
- Authentication and authorization mechanisms
- Data transfer/communications components
- Electronic health information storage and retrieval components
- Forms generation capabilities
- Printer devices or interfaces
NIST believes that one of the biggest problems in HIE security is with physical controls, and pointed out the rash of mobile device thefts of late. These efforts will also serve as the NIST National Cybersecurity Center of Excellence’s, a private-public collaboration between State of Maryland and Montgomery County, Md., and NIST that will work on integrated cybersecurity tools, initial public venture. The 1-2 year project is a pressing issue as Stage 2 Meaningful Use is quickly approaching and having government standards in place for health information exchange (HIE) security will help quell fears that information exchange will make data less secure.
The Office of the National Coordinator for Health Information Technology (ONC) has already delayed HIE guidance, citing the need to identify HIE best practices and principles, as well as the top ways to approach governance. According to the Federal Register, the first demonstration project will address secure communication.