Online tool to help providers comply with HIPAA security

Article from Healthcare IT News – Feb 2, 2011

WASHINGTON – The National Institute of Standards and Technology is developing an online toolkit and electronic user manual to help providers and health plans understand and establish the requirements for the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

NIST has awarded a contract valued at less than $1 million to Exeter Government Services of Gaithersburg, Md., to provide the software application.

The electronic tool will also assist organizations in assessing how well they have applied the safeguards in their operations. When complete, NIST will post the toolkit to its website, according to a Jan. 31 announcement on the Federal Business Opportunities website.

Moderator’s Note: A release date for this much-needed tool is not yet available. We will be watching and will provide additional information as it becomes available.

The HIPAA Security Rule has established standards to protect the confidentiality of electronic personal health information that is created, received, used or stored by a covered entity, such as physicians, hospitals, insurance plans and their business associates.

The software will contain questions and activities to guide users in making sure they comply with the rule’s requirements.

With the online tool, NIST will have the chance to expand use of both the open checklist interactive language (OCIL), a standard means to express and evaluate manual security checks, and the extensible configuration checklist description format (XCCDF), which provides a foundation for expression of security checklists and other security configuration guidance, the announcement said.

Both standards are components of the security content automation protocol (SCAP), a set of standards used to monitor, manage and assess adherence to security configurations in applications and computer systems.