Skip to main content
close search
site logo
Dive Brief

NIST offers 'how to' for securing EHRs on mobile devices

Published Aug. 3, 2018
By
Contributor
Depositphotos

First published on

Healthcare Dive

Dive Brief:

  • With smartphones and tablets becoming ubiquitous in healthcare, the National Institute of Standards and Technology has issued a “how-to” guide aimed at helping providers secure EHRs on mobile devices.
  • The guide provides a simulated solution developed by NIST's National Cybersecurity Center of Excellence using commercially available products. The scenario involves interactions among mobile devices and an EHR system that is supported by an organization's IT infrastructure.
  • NIST hopes people will use the guide to implement relevant standards and best practices for cybersecurity and HIPAA compliance.

Dive Insight:

Cybersecurity is becoming increasingly important as mobile devices are incorporated into all levels of care and hospitals and practices consider policies like bring-your-own-device, or BYOD.

In a 2017 Spõk survey, 71% of clinicians reported their hospitals permits some type of BYOD use, up from 58% in 2016. In the same survey, 65% of physicians and 41% of nurses conceded they use personal devices despite hospital policy against such use.

Much mobile device use centers around clinical care teams. In fact, Spy Glass Consulting found nine in 10 hospitals are investing in smartphones and secure mobile communications to drive clinical transformation. In a JAMF survey, 91% of healthcare IT leaders said they would benefit from an enterprise-wide mobile device initiative.

But ensuring the security of personal health information on mobile devices can be tricky. Mobile devices should be part of an organization’s overall governance program and should include issues like BYOD and what people can download on a flash drive, Kathy Downing, director of practice excellence and senior director at the American Health Information Management Association, told Healthcare Dive earlier this year.

“We see so many breaches when somebody has downloaded something on a flash drive and the flash drive goes missing,” she said.

The NIST guide:

  • Maps security characteristics to recognized standards and best practices.
  • Provides a detailed architecture and capabilities to enhance security controls.
  • Automates configuration of security controls for ease of use.
  • Discusses in-house and outsourced implementation.
  • Shows how security personnel can recreate the simulation design in whole or in part.

The guide also covers issues such as audit controls and monitoring, device integrity, user authentication and transmission security.

Recommended Reading

Filed Under: Digital Health, FDA

Editors' picks

Company Announcements

View all | Post a press release
Joinsoon Electronics Shows Innovative Cable Solutions at MD&M West 2025
From Joinsoon Electronics Manufacturing (JEM)
January 13, 2025
VADI Medical shows Next-Generation Respiratory Devices at MD&M West 2025
From VADI MEDICAL TECHNOLOGY
January 09, 2025

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Digital Health
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.