NIST Unveils Free HIPAA Toolkit
Application Offers Security Rule Compliance Help
The stand-alone application, available for Windows, Mac and Linux, presents a series of questions in groups related to each of the Health Insurance Portability and Accountability Act's Security Rule standards and implementation specifications. It follows the established HIPAA structure of administrative, physical and technical safeguards; organizational requirements; and policies, procedures and documentation requirements.
The kit is designed "to help organizations of all sizes and with varying levels of security expertise to better protect electronic health information," says Kevin Stine, NIST information security specialist. He emphasizes, however, that using the self-assessment tool "does not indicate HIPAA Security Rule compliance." Rather, the application is a resource to support risk assessment processes and help identify areas where security safeguards may be needed or where existing measures should be improved, he explains.
NIST entered a contract with Exeter Government Services, a Gaithersburg, Md.-based consulting firm, to prepare the toolkit.
The Department of Health and Human Services' Office for Civil Rights is still working on a final version of HITECH Act-mandated modifications to HIPAA. Exeter will collaborate with NIST to update the toolkit as necessary in light of the final modifications, Stine said earlier this year.