The Health Insurance Portability and Accountability Act Security Rule establishes national standards to protect individuals' electronic personal health information that is created, received, used or maintained by a covered entity. Covered entities include hospitals, physician groups, health plans and claims clearinghouses. Soon, the rule also will apply to business associates (business partners that have access to sensitive patient information). The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of electronic protected health information.
To help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environments, NIST has developed a HIPAA Security Rule Self Assessment Toolkit.
In this session, Kevin Stine, manager of the Security Outreach and Integration Group within NIST's Computer Security Division, will:
- Introduce participants to NIST and its role in information security;
- Provide a detailed overview of the toolkit application;
- Discuss how the toolkit can be used to support an organization's risk management process, help improve security safeguards and aid security assessment and compliance activities; and
- Identify additional NIST information security resources, such as risk assessment and security control guidelines, which can help organizations to manage risk and safeguard health information.