Security Architecture Design Process for Health Information Exchanges (HIEs)
Protecting electronic patient health information is crucial to developing systems and structures that support the exchange of that information among healthcare providers, payers, and consumers using Health Information Exchanges (HIEs). As noted in the Summary of the Nationwide Health Information Network (NHIN) report from the Office of the National Coordinator, "An important core competency of the HIE is to maintain a trusting and supportive relationship with the organizations that provide data to, and retrieve data from, one another through the HIE. The trust requirement is met through a combination of legal agreements, advocacy, and technology for ensuring meaningful information interchange in a way that has appropriate protections."
The purpose of this publication is to provide a systematic approach to designing technical security architecture for the exchange of health information that leverages common government and commercial practices and that demonstrates how these practices can be applied to the development of HIEs. This publication assists organizations in ensuring that data protection is adequately addressed throughout the system development life cycle, and that these data protection mechanisms are applied when the organization develops technologies that enable the exchange of health information.
The attached Zip file includes:
- Intro Page.doc
- Cover Sheet and Terms.doc
- Security Architecture Design Process for Health Information Exchanges (HIEs).pdf