Organizations need standards, guidelines, and other publications in order to effectively and efficiently manage their security programs, protect their information and information systems, and protect patient privacy. Collaborating with stakeholders, NIST provides standards, guidelines, tools and technologies to protect information systems, including health information technology (IT) systems, against threats to the:
Specifically in the area of health IT, NIST researchers are:
Leveraging security automation principles and specifications to develop baseline security configuration checklists and toolkits to aid organizations in implementing the HIPAA Security Rule standards and implementation specifications.
Developing a harmonized set of security principles for use in establishing architectures supporting the exchange of health information.
Conducting outreach and awareness on security challenges, threats and safeguards, including presentations at industry conferences, workshops, Federal Advisory committees and at other federal agencies on the application of security standards and guidelines to support health IT implementations.
The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment.
Podcast on HIPAA Security Toolkit: Toolkit Helps with Risk Assessments