NIST on Healthcare Security: Request for Comments
Posted by Peter Gershkovich for the Technical Standards Committee
Mon 25 July 2022 in Policy
The API Standards committee is looking for your comments on recent cybersecurity documents published by the National Institute of Standards and Technology (NIST). Two of them deserve special attention as they affect medicine:
- Implementing the Health Insurance Portability and Accountability Act (pdf)
- Identity and Access Management at NIST: A Rich History and Dynamic Future
NIST is seeking comments on the draft publication until Sept. 21, 2022
A digest of your comments will be published on our GitHub site and, if appropriate, sent as a comment to NIST.
In our ongoing discussions within the standards committee, we raised an awareness that cybersecurity, if not standardized across healthcare organizations and laboratories (as presented in both documents), could lead to excessive duplication of efforts, unnecessarily delays in systems implementation, and ultimately interfering with patient care by limiting access to critical sources of information via impaired interoperability, blocked resources, or slow implementation of modern innovations.
Pathology Informatics and Medical Informatics in general, by design, are deeply concerned with the sensible implementation of computational technologies in medicine. Pathology Informatics, therefore, should embrace the cybersecurity as one of the key topics in modern computational technology to make sure that it remains sensible.
Increase in cybercrime forced the risk management in many organizations to focus on a range of risk-averse practices in systems management. Informatics must not lose the sight of the overarching risk of harming a patient and interfering with other critical missions –education and research. In our view, it is technically possible to achieve both – highly secure, efficient, and redundant systems that preserve the ability to deliver uninterrupted patient care and keep continuous evaluation and integration of modern technologies into practice of pathology and medicine in general.
Please forward your comments to the list or individually to the members of standards committee or join the committee if you’d like to participate in our discussions!
Best regards from the Standards Committee.