Menu
  1. Home
  2. Standard
    1. Introduction
    2. Overview
    3. Conformance Criteria
      1. Product Development
        1. Regulatory Considerations
        2. Risk Assessment and Mitigation
        3. Usability & Accessibility
        4. Technical Support
      2. Product Implementation
        1. Product Information
        2. Launch App
      3. Product Usage
        1. Authentication
        2. Authorization
        3. Syncing
        4. Storage Security
        5. Transport Security
        6. Data Provenance
        7. Data Exchange
        8. Notifications & Alerts
        9. App Upgrades
        10. Upgrades
        11. Audits
      4. App Termination
        1. Data Removal
        2. Permitted Uses of Data
      5. Non-Functional Requirements
        1. Conditions and Agreements
  3. Search
  4. Workgroup
User Menu Search
Close

Search

Search
Close

2.4 Exemplary Use Cases

As noted in the Introduction, consumer mobile heath apps take many forms, and as such, conformance statements in section 3 of this standard must allow for variation based on multiple factors, including data sensitivity, the nature of conditions addressed by the app (e.g., wellness, chronic illness), and whether/how app data connect to other data sources.

In this section, three archetypal use cases are introduced. While most consumer mobile health apps will not precisely fit any of these models, the models are meant to demonstrate a continuum of issues which may be applied to any app. Use Case A covers the least sensitive example of a health app that collects user information, while Use Case B builds off of Case A with the inclusion of an external system through which personal data is synchronized with the device. Use Case C is the most sophisticated and generates the most requirements. Its description includes examples of the risk factors that should be considered by developers and users.

Section 3 (Conformance Criteria) includes discussion of considerations as to how subsets of conformance criteria can be addressed in different manners, referencing the use cases in this section as a way to provide directional, rather than pinpoint, guidance.

HL7 CMHAFF Standard Overview and Use Cases

Securing Electronic Health Records on Mobile Devices
Nathan E Botts
/ Categories: Sources, Security

Securing Electronic Health Records on Mobile Devices

Guidance from the National Institute of Standards and Technology (NIST) Special Publication: 1800-1

Summary from the NCCoE website:

"Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to store, access, and transmit electronic healthcare records is outpacing the privacy and security protections on those devices.

Cybersecurity experts at the NCCoE collaborated with healthcare industry and technology vendors to develop an example solution to show healthcare providers how they can secure electronic health records on mobile devices. The example solution is packaged as a “How To” guide, providing organizations with the detailed instructions to recreate our example. Specifically, we show how security engineers and IT professionals, using commercially available and open source tools and technologies that are consistent with cybersecurity standards, can help healthcare organizations that use mobile devices more securely share electronic health records.

Organizations can use some or all of the guide to help them implement healthcare industry standards and best practices, as well as those in the NIST Framework for Improving Critical Infrastructure Cybersecurity. Commercial and open-source standards-based products, like the ones we used, are easily available and interoperable with commonly used information technology infrastructure and investments."

Print
5028 Rate this article:
No rating
0Upvote 0Downvote
Tags: NIST1800-1cybersecurityEHRMobile DevicesNCCoE

More links

Related articles

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment
Terms Of UsePrivacy StatementCopyright 2024 by HL7 International
Back To Top