Security Architecture Design Process for Health Information Exchanges (HIEs)

Security Architecture Design Process for Health Information Exchanges (HIEs)

Electronic Health Care records offer enormous efficiencies, but passing such sensitive information between organizations creates challenges. This guide provides a framework for securing health care info exchanges.

Protecting electronic patient health information is crucial to developing systems
and structures that support the exchange of that information among healthcare
providers, payers, and consumers using Health Information Exchanges (HIEs). As noted in
the Summary of the Nationwide Health Information Network (NHIN) report from the Office
of the National Coordinator, “An important core competency of the HIE is to maintain a
trusting and supportive relationship with the organizations that provide data to, and
retrieve data from, one another through the HIE. The trust requirement is met through a
combination of legal agreements, advocacy, and technology for ensuring meaningful
information interchange in a way that has appropriate protections.”

The purpose of this publication is to provide a systematic approach to designing
technical security architecture for the exchange of health information that leverages
common government and commercial practices and that demonstrates how these practices
can be applied to the development of HIEs. This publication assists organizations in
ensuring that data protection is adequately addressed throughout the system development
life cycle, and that these data protection mechanisms are applied when the organization
develops technologies that enable the exchange of health information.

The attached Zip file includes:

• Intro Page.doc
• Cover Sheet and Terms.doc
• Security Architecture Design Process for Health Information Exchanges
  (HIEs).pdf