A risk analysis, as required under the HIPAA Security Rule, is a critical and foundational component of an effective risk management process that helps covered entities and their business associates perform their mission and protect the health information entrusted to them.
The National Institute of Standards and Technology has developed the HIPAA Security Rule Self-Assessment Toolkit to help organizations with their risk management processes.
In this webinar, a NIST security specialist will:
Provide a detailed overview of the toolkit;
Outline practical ways to use the toolkit to support an organization's risk management process; and
Explain additional NIST information security resources that can help organizations to safeguard health information.
The National Institute of Standards and Technology, a non-regulatory agency of the Department of Commerce, is responsible for providing standards and technology to protect against threats to the confidentiality, integrity and availability of information and information systems. NIST's Computer Security Division is positioned to ensure that new technologies are selected, deployed and operated in a manner that reduces risk.
The Health Insurance Portability and Accountability Act Security Rule establishes national standards to protect individuals' electronic personal health information that is created, received, used or maintained by a covered entity. Covered entities include hospitals, physician groups, health plans and claims clearinghouses. Soon, the rule also will apply to business associates - business partners that have access to sensitive patient information. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of electronic protected health information.
To help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environments, NIST has developed a HIPAA Security Rule Self-Assessment Toolkit.
In this session, Kevin Stine, manager of the Security Outreach and Integration Group within NIST's Computer Security Division, will:
Introduce participants to NIST and its role in information security;
Provide a detailed overview of the toolkit application;
Discuss how the toolkit can be used to support an organization's risk management process, help improve security safeguards and aid security assessment and compliance activities; and
Identify additional NIST information security resources, such as risk assessment and security control guidelines, which can help organizations to manage risk and safeguard health information.
Acting Manager - Security & Integration Group, National Institute of Standards and Technology (NIST)
Kevin Stine is the acting manager of the Security Outreach and Integration Group within the National Institute of Standards and Technology's Computer Security Division. His work at NIST focuses on applying information security standards, practices and technologies to the health information technology sector; publishing information security standards and guidelines; conducting outreach and awareness; and advancing security performance measurement. He also serves as the chairperson of the Federal Computer Security Program Managers' Forum, an informal group sponsored by NIST to promote the sharing of information system security practices among federal agencies.