NIST offers HIPAA security guidance

The National Institute of Standards and Technology has issued a new guide on securing health information.

The guide, Special Publication 800-66, recommends the type of systems that are needed to meet the Health Insurance Portability and Accountability Act security mandates that take effect April 20.

The publication, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule, details the minimum requirements to secure health information and systems.

NIST identifies resources relevant to the specific security standards included in the HIPAA security rule and provides implementation examples for each.

Under the rule, doctors and hospitals must secure and protect patient information from unauthorized use, such as hackers, while also keeping it available for legitimate use. The rule also applies to agencies that transmit health information in electronic form.

The guide also lays out similarities between the HIPAA security rule and the Federal Information Security Management Act of 2002, which all agencies must fulfill.