NIST Shares Risk-Based Guide to Information Exchange Security
Health IT Security
NIST released a proposed guide designed to support the use of information exchange channels, which provides insights on risk-based considerations to protect data throughout the sharing process and case studies around the effective management of exchanged information.
For healthcare, the guide could support health information exchanges (HIEs), as well as the increased data sharing between entities in support of the COVID-19 response. The NIST insights could be used in conjunction with recent guidance from the Office for Civil Rights, which outlines HIPAA-compliant disclosures of protected health information through HIEs.
Managing the Security of Information Exchanges details the needed security to protect the integrity, confidentiality, and availability of exchanged data to reduce the risk of compromise. NIST stressed the importance of similar levels of protections used at the entities sharing data.
Administrators can use...