Security Architecture Design Process for Health Information Exchanges (HIEs)

Scholl, Matthew; Stine, Kevin; Lin, Kenneth; Steinberg, Daniel

doi:https://doi.org/10.6028/NIST.IR.7497

NISTIR 7497

Security Architecture Design Process for Health Information Exchanges (HIEs)

Documentation Topics

Date Published: September 2010

Author(s)

Matthew Scholl (NIST), Kevin Stine (NIST), Kenneth Lin (BAH), Daniel Steinberg (BAH)

Abstract

The purpose of this publication is to provide a systematic approach to designing a technical security architecture for the exchange of health information that leverages common government and commercial practices and that demonstrates how these practices can be applied to the development of HIEs. This publication assists organizations in ensuring that data protection is adequately addressed throughout the system development life cycle, and that these data protection mechanisms are applied when the organization develops technologies that enable the exchange of health information.

Keywords

Health Information Exchange; health IT; HIE; information security

Control Families

Access Control; Planning; Risk Assessment; System and Services Acquisition

Documentation

Publication:
NISTIR 7497 (DOI)
Local Download

Supplemental Material:
None available

Document History:
09/30/10: NISTIR 7497 (Final)

Topics

Security and Privacy
acquisition; planning; risk assessment

Laws and Regulations
Health Insurance Portability and Accountability Act

Sectors
healthcare