Testing of security for information exchange planned

The National Cybersecurity Center of Excellence plans to test tools and technologies to support the secure exchange of electronic health information, especially for small healthcare providers.

As part of the effort, the National Institute of Standards and Technology (NIST) seeks organizations to provide products and technical expertise to test security platforms for health information exchange that will make it easier for small providers to share patient data.

Participation is open to all interested organizations, not just those involved with healthcare, using EHRs or covered by HIPAA, according to an announcement published in the Federal Register.

This is the first step for the National Cybersecurity Center of Excellence in the Secure Exchange of Electronic Health Information project, for which NIST has not yet published a start date. The demonstration project aims to develop tools and methods to support the secure exchange of health information, a process which may be especially difficult for small providers who might lack the security infrastructure or expertise of larger healthcare organizations.

The effort also will explore challenges posed by the variety of devices that can be used in exchange, the range of healthcare data exchange standards, concerns about the lack of physical security controls or the ability to circumvent security features, and interaction with a variety of systems in terms of data synchronization and storage.

“Although a number of components are available to address some of these concerns in some healthcare environments, security platforms that are composed of available capabilities in a secure, usable and affordable manner to provide comprehensive solutions are needed for the very large number of small healthcare providers,” NIST said in the notice.