Toolkit Helps With Risk Assessments

NIST HIPAA Security Rule Toolkit Offers Guidance

December 2, 2011

A new, free HIPAA Security Rule Toolkit is designed to help healthcare organizations conduct a thorough risk assessment, says Kevin Stine, who helped guide the project for the National Institute of Standards and Technology. "My hope is that organizations will use this tool to gain a better understanding of the security controls that they have put in place to protect their health information and to support a more comprehensive risk assessment process," Stine says.

In an interview with HealthcareInfoSecurity, Stine explains that use of the toolkit does not guarantee compliance with the HIPAA security rule. Rather, it helps organizations "identify areas where they may need either additional security safeguards to protect their information, or to improve upon existing ones."

Stine also:

  • Describes the goals of the kit as helping organizations gain a better understanding of the rule, implement the rule's requirements and assess their implementation.
  • Points out that the kit is designed for use by HIPAA covered entities of all sizes, as well as their business associates. The kit offers a series of questions addressing each security rule standard and implementation specification. It offers 1,000 questions for larger organizations to address, plus a subset of about 600 questions for smaller organizations.
  • Describes how the tool was developed in collaboration with a NIST contractor, Exeter Government Services (see: NIST Unveils Free HIPAA Toolkit).
  • Notes that the tool likely will be updated once the final version of a rule modifying HIPAA, as mandated under the HITECH Act, is released.

The kit is available for download at the NIST website.

Stine is the acting manager of the security outreach and integration group within the National Institute of Standards and Technology's computer security division. His work at NIST focuses on applying information security standards, practices and technologies to the health information technology sector; publishing information security standards and guidelines; conducting outreach and awareness; and advancing security performance measurement. Before joining NIST, Stine served as the chief information security officer for the Food and Drug Administration.

Follow Howard Anderson on Twitter: @HealthInfoSec
