Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Security Recommendations for Mobile Health Apps

Expanded use of Electronic Health Records (EHRs) is an integral component of the ongoing modernization of the U.S. health care system through digitalization. Among the anticipated advantages of using EHRs are improvements in patient care (e.g., through faster access to relevant information and consequently improved care coordination), increased patient engagement, a reduction in medical errors, and cost savings. On the other hand, implementing EHRs in a sustainable and legally compliant way requires upfront investment in hardware, software, training and workflow restructuring, as well as management of risks unique to electronic records, such as vulnerability to malicious interference. When EHRs are combined with mobile platforms, the cybersecurity risks multiply. Addressing this latest challenge can be daunting, both for medical practices and EHR product providers.

To help defuse these concerns, the U.S. National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST) recently published a comprehensive guide entitled “Securing Electronic Health Records on Mobile Devices.” One of the goals in preparing this document was to demonstrate, using detailed examples and already-available standards and technologies, ways to ensure the cybersecurity of patients’ health records in accordance with the HIPAA Security Rule. The guide is intended to facilitate the adoption of best cybersecurity practices, but it is not legally binding, and its use is voluntary. Nevertheless, the guide encourages organizations to consider the presented worked-out designs, which rely both on commercial products and open-source solutions.

The guide adopts, and stresses throughout, a risk-based approach to security. A structured, methodical risk assessment should ideally be established before health care providers start using mobile devices in a given health care practice, and it should be continuous in nature, with periodic review and reassessment of the risks. This change in attitude might be one of the more important barriers for health care organizations to overcome, since cybersecurity has often been an afterthought, which has resulted in an increasing number of data breaches and subsequent legal and financial repercussions.

NCCoE and NIST are inviting businesses to provide feedback on their practice guide, especially on its implementation in the real world.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

September 14, 2018
Written by: Svetlana Lyapustina
Category: Cybersecurity, Privacy
Tags: EHRs, electronic health records, HIPAA Security Rule, National Institute of Standards and Technology, NCCoE, NIST, U.S. National Cybersecurity Center of Excellence
