Governance , HIPAA/HITECH

Using the NIST HIPAA Security Rule Toolkit for Risk Assessments
Using the NIST HIPAA Security Rule Toolkit for Risk Assessments
A risk analysis, as required under the HIPAA Security Rule, is a critical and foundational component of an effective risk management process that helps covered entities, and their business associates, to perform their mission and protect the health information entrusted to them.

The National Institute of Standards and Technology has developed the HIPAA Security Rule Self-Assessment Toolkit to help organizations with their risk management processes.

In this webinar, a NIST security specialist will:

  • Provide a detailed overview of the toolkit;
  • Outline practical ways to use the toolkit to support an organization's risk management process; and
  • Explain additional NIST information security resources that can help organizations to safeguard health information.

See Also: Security Shouldn't be Boxed: The Cloudified Edge & End of an Era for Hardware Box Providers

Background

The National Institute of Standards and Technology, a non-regulatory agency of the Department of Commerce, is responsible for providing standards and technology to protect against threats to the confidentiality, integrity and availability of information and information systems. NIST's Computer Security Division is positioned to ensure that new technologies are selected, deployed and operated in a manner that reduces risk.

The Health Insurance Portability and Accountability Act Security Rule establishes national standards to protect individuals' electronic personal health information that is created, received, used or maintained by a covered entity. Covered entities include hospitals, physician groups, health plans and claims clearinghouses. Soon, the rule also will apply to business associates - business partners that have access to sensitive patient information. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of electronic protected health information.

To help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environments, NIST has developed a HIPAA Security Rule Self Assessment Toolkit.

In this session, Kevin Stine, manager of the Security Outreach and Integration Group within NIST's Computer Security Division, will:

  • Introduce participants to NIST and its role in information security;
  • Provide a detailed overview of the toolkit application;
  • Discuss how the toolkit can be used to support an organization's risk management process, help improve security safeguards and aid security assessment and compliance activities; and
  • Identify additional NIST information security resources, such as risk assessment and security control guidelines, which can help organizations to manage risk and safeguard health information.



Around the Network