Presentation is loading. Please wait.

Presentation is loading. Please wait.

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.

Published byColin Reid Modified over 10 years ago

Similar presentations

Presentation on theme: "NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist."— Presentation transcript:

1 NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist Computer Security Division Information Technology Laboratory National Institute of Standards and Technology March 22, 2010

2 NISTs Mission To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology … 2 Credit: NIST Credit: R. Rathe … in ways that enhance economic security and improve our quality of life.

3 Computer Security Divisions Mission A division with the Information Technology Lab, CSD provides standards and technology to protect information systems against threats to the confidentiality, integrity, and availability of information and services … 3 … in order to build trust and confidence in Information Technology (IT) systems

4 Agenda 4

5 Meaningful Use, Standards, and Certifications (Oh My) Meaningful Use (NPRM) Adopt and meaningfully use certified electronic health record (EHR) technology Stage 1(beginning in 2011): Ensure adequate privacy and security protections for personal health information. Standards and Certification (IFR) Represents the first step in an incremental approach to adopting standards, implementation specifications, and certification criteria to enhance the interoperability, functionality, utility, and security of health information technology and to support its meaningful use. Standards for HIT to protect Electronic Health Info (IFR, §170.210) Encryption and decryption of EHI, Record actions related to EHI, Verification that electronic health information has not been altered in transit, Cross- enterprise authentication Certification Criteria (IFR, §170.302) Access Control, Audit Log, Integrity, Authentication, Encryption

6 Agenda 6

7 Risk Management 7 Repeat as necessary RISK MANAGEMENT FRAMEWORK Security Life Cycle Step 1 CATEGORIZE Information Systems FIPS 199 / SP 800-60 Step 6 MONITOR Security State SP 800-37 / 800-53A Step 3 IMPLEMENT Security Controls SP 800-70 Step 2 SELECT Security Controls FIPS 200 / SP 800-53 Security Plan Step 5 AUTHORIZE Information Systems SP 800-37 Plan of Actions & Milestones Step 4 ASSESS Security Controls SP 800-53A Security Assessment Report ORGANIZATIONAL VIEW Organizational Inputs Laws, Directives, Policy Guidance Strategic Goals and Objectives Priorities and Resource Availability Supply Chain Considerations Architecture Description FEA Reference Models Segment and Solution Architectures Mission and Business Processes Information System Boundaries Starting Point Risk Executive Function

8 Health IT Security - What Weve Done… Standards Harmonization Support ONC and HITSP in harmonizing and integrating standards to enable exchange of health information Outreach & Awareness Present on application of security standards and guidelines to HIPAA and HIT security implementations Publications & Resources HIPAA Security Rule Guide HIE Security Architecture

9 Health IT Security - What We Plan To Do… Security Automation HIPAA Security Rule toolkit Security configuration checklists HIT Test Infrastructure Provide capability for current and future EHR testing needs against standards Conformance and interoperability testing capabilities

10 Agenda 10

11 Wireless and Mobile Technology Security Resources Wireless 800-127 Draft, Guide to Security for WiMAX Technologies 800-121, Guide to Bluetooth Security 800-120, Recommendations for EAP Methods Used in Wireless Network Access Authentication 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i 800-48 Revision 1, Guide to Securing Legacy IEEE 802.11 Wireless Networks Mobile Technologies 800-124, Guidelines on Cell Phone and PDA Security 800-114, Users Guide to Securing External Devices for Telework and Remote Access 800-101, Guidelines on Cell Phone Forensics 800-46 Rev 1, Guide to Enterprise Telework and Remote Access Security

12 Thank You Kevin Stine kevin.stine@nist.gov Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Computer Security Resource Center: http://csrc.nist.gov NIST Health IT Standards and Testing: http://healthcare.nist.gov 12

Download ppt "NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist."

Similar presentations

Wireless and Mobile Technologies for Healthcare: Ensuring Privacy, Security, and Availability Thomas Jepsen Chair, IEEE-USA Medical Technology Policy Committee.

Wireless and Mobile Technologies for Healthcare: Ensuring Privacy, Security, and Availability Thomas Jepsen Chair, IEEE-USA Medical Technology Policy Committee.
Managing Wireless Medical Device Security Challenges in Today's Enterprise HealthCare Neil Buckley AMA-IEEE Conference March 22, 2010.

Managing Wireless Medical Device Security Challenges in Today's Enterprise HealthCare Neil Buckley AMA-IEEE Conference March 22, 2010.
The U.S. Health Information Technology Agenda – and the Web John W. Loonsk, MD Director of Interoperability and Standards Office of the National Coordinator.

The U.S. Health Information Technology Agenda – and the Web John W. Loonsk, MD Director of Interoperability and Standards Office of the National Coordinator.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Khammar Mrabit Director Office of Nuclear Security

Khammar Mrabit Director Office of Nuclear Security
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,

SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,
HIT Policy Committee Federal Health IT Strategic Plan April 13, 2011 Jodi Daniel, ONC Seth Pazinski, ONC.

HIT Policy Committee Federal Health IT Strategic Plan April 13, 2011 Jodi Daniel, ONC Seth Pazinski, ONC.
Stage 1 Meaningful Use & Reportable Lab Results

Stage 1 Meaningful Use & Reportable Lab Results
Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)

Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)
EHR Privacy & Security. Missouri’s Federally-designated Regional Extension Center  University of Missouri:  Department of Health Management and Informatics.

EHR Privacy & Security. Missouri’s Federally-designated Regional Extension Center  University of Missouri:  Department of Health Management and Informatics.
Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.

Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.
1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Hardware-Rooted Security in Mobile Devices Andrew Regenscheid Lead, Hardware-Rooted Security Computer Security Division.

Hardware-Rooted Security in Mobile Devices Andrew Regenscheid Lead, Hardware-Rooted Security Computer Security Division.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Similar presentations

Ads by Google