NISTIR 7497

Overview
Protecting electronic patient health information is crucial to developing systems and structures that support the exchange of that information among healthcare providers, payers, and consumers using Health Information Exchanges (HIEs).

The purpose of this publication is to provide a systematic approach to designing a technical security architecture for the exchange of health information that leverages common government and commercial practices and that demonstrates how these practices can be applied to the development of HIEs. This publication assists organizations in ensuring that data protection is adequately addressed throughout the system development life cycle, and that these data protection mechanisms are applied when the organization develops technologies that enable the exchange of health information.