“Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to store, access, and transmit electronic health care records is outpacing the privacy and security protections on those devices.”

The NCCoE has released a draft of its first cybersecurity practice guide, “Securing Electronic Health Records on Mobile Devices,” and invites you to download the draft and provide feedback. For ease of use, the draft guide is available to download in sections:

• SP 1800-1a: Executive Summary
• SP 1800-1b: Approach, Architecture, and Security Characteristics
• SP 1800-1c: How-To Guide
• SP 1800-1d: Standards and Controls Mapping
• SP 1800-1e: Risk Assessment and Outcomes

Or you can get a .zip file of all volumes, plus manifest and template files referred to in SP 1800-1c (4.82 MB).”