NIST Unveils Free HIPAA Toolkit

Application Offers Security Rule Compliance Help
NIST Unveils Free HIPAA Toolkit
The National Institute of Standards and Technology is offering a free online HIPAA Security Rule Toolkit, a self-assessment tool that's designed to help healthcare organizations and their business associates comply with the rule.

The stand-alone application, available for Windows, Mac and Linux, presents a series of questions in groups related to each of the Health Insurance Portability and Accountability Act's Security Rule standards and implementations specifications. It follows the established HIPAA structure of administrative, physical and technical safeguards; organizational requirements; and policies, procedures and documentation requirements.

The kit is designed "to help organizations of all sizes and with varying levels of security expertise to better protect electronic health information," says Kevin Stine, NIST information security specialist. He emphasizes, however, that using the self-assessment tool "does not indicate HIPAA Security Rule compliance." Rather, the application is a resource to support risk assessment processes and help identify areas where security safeguards may be needed or where existing measures should be improved, he explains.

NIST entered a contract with Exeter Government Services, a Gaithersburg, Md.-based consulting firm, to prepare the toolkit.

The Department of Health and Human Services' Office for Civil Rights is still working on a final version of HITECH Act-mandated modifications to HIPAA. Exeter will collaborate with NIST to update the toolkit as necessary in light of the final modifications, Stine said earlier this year.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.