NIST’s Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist Computer Security Division Information Technology Laboratory National Institute of Standards and Technology March 22, 2010
12
Embed
NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
NIST’s Role in Securing Health Information
AMA-IEEE Medical TechnologyConference on Individualized Healthcare
Kevin Stine, Information Security Specialist
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
March 22, 2010
NIST’s MissionNIST’s Mission
To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology …
2Credit: NIST
Credit: R. Rathe
… in ways that enhance economic security and improve our quality of life.
A division with the Information Technology Lab, CSD provides standards and technology to protect information systems against threats to the confidentiality, integrity, and availability of information and services …
3
… in order to build trust and confidence in Information Technology (IT) systems
AgendaAgenda
Meaningful Use, Standards, and Certification (Oh My)
NIST HIT Security Activities… Past, Present, and Near NIST HIT Security Activities… Past, Present, and Near FutureFuture
Wireless and Mobile Technology ResourcesWireless and Mobile Technology Resources
4
Meaningful Use, Standards, and Certifications (Oh My)Meaningful Use, Standards, and Certifications (Oh My)
Meaningful Use (NPRM) Adopt and meaningfully use certified electronic health record (EHR)
technology
Stage 1(beginning in 2011): Ensure adequate privacy and security protections for personal health information.
Standards and Certification (IFR) Represents the first step in an incremental approach to adopting standards,
implementation specifications, and certification criteria to enhance the interoperability, functionality, utility, and security of health information technology and to support its meaningful use.
Standards for HIT to protect Electronic Health Info (IFR, §170.210)
Encryption and decryption of EHI, Record actions related to EHI, Verification that electronic health information has not been altered in transit, Cross-enterprise authentication