NIST Releases HIPAA Security Rule Toolkit for Providers
HIPAA Security Rule
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule (45 CFR 160, 162, and 164) establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
Who is NIST?
NIST (National Institute of Standards and Technology) has been involved in Health Information Technology (HIT) research since 1994 and, through the American Recovery and Reinvestment Act (ARRA) of 2009, is playing a major role in accelerating the development and harmonization of standards and developing conformance test tools for HIT.
NIST HSR Toolkit
The NIST toolkit is intended to be a resource that organizations subject to the HIPAA Security Rule can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect electronic protected health information (EPHI), or where existing security safeguards may need to be improved.
According to NIST information security specialist Kevin Stine, “Our HIPAA Security Rule Toolkit is designed to help organizations of all sizes and with varying levels of security expertise to better protect electronic health information.” He noted that the application is meant as a self-assessment tool and does not indicate HIPAA Security Rule compliance.
The free toolkit, available from the NIST website, comes with a comprehensive User Guide and a self-contained, stand-alone software application that can run on Windows, Mac and Linux operating systems.
The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services. Target user organizations can range in size from large nationwide health plans with vast information technology (IT) resources to small health care providers with limited access to IT expertise.