Kevin Stine, Information Security Specialist Computer Security Division

Post on 10-Feb-2016

54 views 0 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

description

NIST’s Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare. Kevin Stine, Information Security Specialist Computer Security Division Information Technology Laboratory National Institute of Standards and Technology. March 22, 2010. - PowerPoint PPT Presentation

transcript

NIST’s Role in Securing Health Information

AMA-IEEE Medical TechnologyConference on Individualized Healthcare

Kevin Stine, Information Security Specialist

Computer Security DivisionInformation Technology LaboratoryNational Institute of Standards and Technology

March 22, 2010

NIST’s MissionNIST’s Mission

To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology …

2Credit: NIST

Credit: R. Rathe

… in ways that enhance economic security and improve our quality of life.

Computer Security Division’s MissionComputer Security Division’s Mission

A division with the Information Technology Lab, CSD provides standards and technology to protect information systems against threats to the confidentiality, integrity, and availability of information and services …

3

… in order to build trust and confidence in Information Technology (IT) systems

AgendaAgenda

Meaningful Use, Standards, and Certification (Oh My)

NIST HIT Security Activities… Past, Present, and Near NIST HIT Security Activities… Past, Present, and Near FutureFuture

Wireless and Mobile Technology ResourcesWireless and Mobile Technology Resources

4

Meaningful Use, Standards, and Certifications (Oh My)Meaningful Use, Standards, and Certifications (Oh My)

Meaningful Use (NPRM) Adopt and meaningfully use certified electronic health record (EHR)

technology

Stage 1(beginning in 2011): Ensure adequate privacy and security protections for personal health information.

Standards and Certification (IFR) Represents the first step in an incremental approach to adopting standards,

implementation specifications, and certification criteria to enhance the interoperability, functionality, utility, and security of health information technology and to support its meaningful use.

Standards for HIT to protect Electronic Health Info (IFR, §170.210)

Encryption and decryption of EHI, Record actions related to EHI, Verification that electronic health information has not been altered in transit, Cross-enterprise authentication

Certification Criteria (IFR, §170.302) Access Control, Audit Log, Integrity, Authentication, Encryption

AgendaAgenda

6

Meaningful Use, Standards, and Certification (Oh My)Meaningful Use, Standards, and Certification (Oh My)

NIST HIT Security Activities… Past, Present, and Near Future

Wireless and Mobile Technology ResourcesWireless and Mobile Technology Resources

Risk ManagementRisk Management

7

Repeat as necessary

RISKMANAGEMENTFRAMEWORK

Security Life Cycle

Step 1CATEGORIZEInformation

SystemsFIPS 199 / SP 800-

60

Step 6MONITOR

Security StateSP 800-37 / 800-

53A

Step 3IMPLEMENT

Security ControlsSP 800-70

Step 2SELECT

Security ControlsFIPS 200 / SP 800-

53Security Plan

Step 5AUTHORIZEInformation

SystemsSP 800-37

Plan of Actions & Milestones

Step 4ASSESS

Security ControlsSP 800-53A

Security Assessment Report

ORGANIZATIONAL VIEWOrganizational Inputs

Laws, Directives, Policy GuidanceStrategic Goals and Objectives

Priorities and Resource AvailabilitySupply Chain Considerations

Architecture DescriptionFEA Reference Models

Segment and Solution ArchitecturesMission and Business Processes Information System Boundaries

Starting Point

Risk Executive Function

Health IT Security - What We’ve Done…Health IT Security - What We’ve Done…

Standards Harmonization

•Support ONC and HITSP in harmonizing and integrating standards to enable exchange of health information

Outreach & Awareness

•Present on application of security standards and guidelines to HIPAA and HIT security implementations

Publications & Resources

•HIPAA Security Rule Guide

•HIE Security Architecture

Health IT Security - What We Plan To Do…Health IT Security - What We Plan To Do…

Security Automation•HIPAA Security Rule toolkit

•Security configuration checklists

HIT Test Infrastructure•Provide capability for current and future EHR testing needs against standards

•Conformance and interoperability testing capabilities

AgendaAgenda

Meaningful Use, Standards, and Certification (Oh My)Meaningful Use, Standards, and Certification (Oh My)

NIST HIT Security Activities… Past, Present, and Near NIST HIT Security Activities… Past, Present, and Near FutureFuture

Wireless and Mobile Technology Resources

10

Wireless and Mobile Technology Security Wireless and Mobile Technology Security ResourcesResources

Wireless 800-127 Draft, Guide to Security for WiMAX Technologies 800-121, Guide to Bluetooth Security 800-120, Recommendations for EAP Methods Used in Wireless Network

Access Authentication 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE

802.11i 800-48 Revision 1, Guide to Securing Legacy IEEE 802.11 Wireless Networks

Mobile Technologies 800-124, Guidelines on Cell Phone and PDA Security 800-114, User’s Guide to Securing External Devices for Telework and Remote

Access 800-101, Guidelines on Cell Phone Forensics 800-46 Rev 1, Guide to Enterprise Telework and Remote Access Security

Thank YouThank You

Kevin Stinekevin.stine@nist.gov

Computer Security DivisionInformation Technology Laboratory

National Institute of Standards and Technology

Computer Security Resource Center: http://csrc.nist.govNIST Health IT Standards and Testing: http://healthcare.nist.gov

12

Top related

Souhaits Dangereux - R.L. Stine
Documents
NIST HIPAA Security Rule Toolkit Kevin Stine Computer Security Division Information Technology Laboratory National Institute of Standards and Technology.
Documents
ZACH COOPER HANNAH STINE GALE COOPER R. L. STINE · Champ Gale Cooper Hannah R. L. Stine Slappy Zach a) … is sixteen and is from New York City. b) … lives next to Zach. c) …
Documents
R.L. Stine - IDW Publishing€¦ · . Special thanks to . R.L. Stine. For international rights, contact . licensing@idwpublishing.com. GOOSEBUMPS: SECRETS OF THE SWAMP #1.
Documents
stine buschstinebusch.com/wp-content/uploads/2017/11/CV_StineBusch.pdf · 2017. 11. 10. · stine@stinebusch.com introduction. graphic designer stine busch. Created Date: 7/31/2014
Documents
3DPDF for Revit Tips by Dan Stine
Documents
Stine, Skepticism, Relevant Alternatives, and Deductive Closure.pdf
Documents
Stine 9202-G BRAND - A&J Agronomy
Documents
NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.
Documents
Federal Information Security Management Act … Information Security Management Act (FISMA) Implementation Kevin Stine Computer Security Division . Information Technology Laboratory
Documents
Stine Andrea Kok_ Portfolio Menswear.
Design
Security Controls Assessment for Federal Information · PDF fileSecurity Controls Assessment for . Federal Information Systems. Kevin Stine. ... implementation of the security controls,
Documents
Modeling the Yield Curve - Wharton Statistics Department ...stine/research/penn_fin_club.pdf · Modeling the Yield Curve Bob Stine Statistics Department, Wharton ... Prices Yields
Documents
EE 122: Network Security Kevin Lai December 2, 2002.
Documents
Amazing Author Presentations: R.L Stine
Education
Models for Millions - Statistics DepartmentModels for Millions Bob Stine Department of Statistics The Wharton School, University of Pennsylvania stat.wharton.upenn.edu/~stine 34th
Documents
Stacy Stine Cary Indictment
Documents
STINE GOYA PF16 Lookbook
Documents
Stine Justi: Innovative metoder
Documents
Security architecture design process for health ... · NISTIR 7497 . Security Architecture Design Process for Health Information Exchanges (HIEs) Matthew Scholl . Kevin Stine . Kenneth
Documents

Copyright © 2018 DOCUMENTS