Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:Tools for protecting privacy and confidentiality
Slide content:Tools for Protecting Health Information Brought to wider light by IOM report For the Record ( Committee on Maintaining Privacy and Security ,1997) Guide to Privacy and Security of Electronic Health Information (ONC & OCR, 2015) NIST Critical Cybersecurity Infrastructure Framework SANS And many more . 9
Slide notes:The next slides discuss tools for protecting health information. A good source to begin with is the Institute of Medicine (IOM) report For the Record, which addresses issues of protecting electronic health information. The report was commissioned by the National Library of Medicine and informed the HIPAA [hip-uh] legislation. It also made recommendations on immediate and future best practices. While some of the content in the book is dated, the framework provides a good way of thinking about the problem. As already mentioned, ONC, in coordination with OCR, created the Guide to Privacy and Security of Electronic Health Information . Many other industry activities, resources, and publications are publically available and address various aspects of privacy and security practices, practices pertaining to specific technologies such as mobile devices, as well as training resources for security professionals. In 2013, the President of the United States issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which directed NISTNational Institute of Standards and Technologyto work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. The NIST website has many resources publically available, and NISTs work continues in development of practices, guidelines, and tools to support effective cybersecurity efforts. The Framework for Improving Critical Infrastructure Cybersecurity is found at http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf. SANS (at www.SANS.org) is an example of an industry resource that focuses on security training and certification of security professionals as well as on research. 9