NIST's Role in Securing Health Information. AMA-IEEE Medical Technology Conference on Individualized Healthcare. Kevin Stine, Information Security Specialist.

Presentation transcript:

NIST's Role in Securing Health Information. AMA-IEEE Medical Technology Conference on Individualized Healthcare. Kevin Stine, Information Security Specialist, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology. March 22, 2010.

NIST's Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology ... in ways that enhance economic security and improve our quality of life. (Image credits: NIST; R. Rathe.)

Computer Security Division's Mission: A division within the Information Technology Laboratory, CSD provides standards and technology to protect information systems against threats to the confidentiality, integrity, and availability of information and services ... in order to build trust and confidence in Information Technology (IT) systems.

Agenda

Meaningful Use, Standards, and Certifications (Oh My)

Meaningful Use (NPRM): Adopt and meaningfully use certified electronic health record (EHR) technology. Stage 1 (beginning in 2011): Ensure adequate privacy and security protections for personal health information.

Standards and Certification (IFR): Represents the first step in an incremental approach to adopting standards, implementation specifications, and certification criteria to enhance the interoperability, functionality, utility, and security of health information technology and to support its meaningful use.

Standards for HIT to protect electronic health information (IFR, § ): encryption and decryption of EHI; recording of actions related to EHI; verification that electronic health information has not been altered in transit; cross-enterprise authentication.

Certification criteria (IFR, § ): access control, audit log, integrity, authentication, encryption.

Agenda

Risk Management

Risk Management Framework (security life cycle; repeat as necessary):

Starting point: organizational view. Organizational inputs: laws, directives, policy guidance; strategic goals and objectives; priorities and resource availability; supply chain considerations. Architecture description: FEA reference models; segment and solution architectures; mission and business processes; information system boundaries. Risk Executive Function.

Step 1: CATEGORIZE information systems (FIPS 199 / SP).
Step 2: SELECT security controls (FIPS 200 / SP). Output: Security Plan.
Step 3: IMPLEMENT security controls (SP).
Step 4: ASSESS security controls (SP A). Output: Security Assessment Report.
Step 5: AUTHORIZE information systems (SP). Output: Plan of Actions & Milestones.
Step 6: MONITOR security state (SP / A).

Health IT Security - What We've Done...

Standards Harmonization: Support ONC and HITSP in harmonizing and integrating standards to enable exchange of health information.

Outreach & Awareness: Present on the application of security standards and guidelines to HIPAA and HIT security implementations.

Publications & Resources: HIPAA Security Rule Guide; HIE Security Architecture.

Health IT Security - What We Plan To Do...

Security Automation: HIPAA Security Rule toolkit; security configuration checklists.

HIT Test Infrastructure: Provide capability for current and future EHR testing needs against standards; conformance and interoperability testing capabilities.

Agenda

Wireless and Mobile Technology Security Resources

Wireless:
Draft, Guide to Security for WiMAX Technologies
Guide to Bluetooth Security
Recommendations for EAP Methods Used in Wireless Network Access Authentication
Establishing Wireless Robust Security Networks: A Guide to IEEE i
Revision 1, Guide to Securing Legacy IEEE Wireless Networks

Mobile Technologies:
Guidelines on Cell Phone and PDA Security
User's Guide to Securing External Devices for Telework and Remote Access
Guidelines on Cell Phone Forensics
Rev 1, Guide to Enterprise Telework and Remote Access Security

Thank You. Kevin Stine, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology. Computer Security Resource Center: . NIST Health IT Standards and Testing: .