Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
Bookmark and Share


Organizations need standards, guidelines, and other publications in order to effectively and efficiently manage their security programs, protect their information and information systems, and protect patient privacy. Collaborating with stakeholders, NIST provides standards, guidelines, tools and technologies to protect information systems, including health information technology (IT) systems, against threats to the:

  • Confidentiality of information
  • Integrity of information and processes
  • Availability of information and services

Specifically in the area of health IT, NIST researchers are:

  • Leveraging security automation principles and specifications to develop baseline security configuration checklists and toolkits to aid organizations in implementing the HIPAA Security Rule standards and implementation specifications.

  • Developing a harmonized set of security principles for use in establishing architectures supporting the exchange of health information.

  • Conducting outreach and awareness on security challenges, threats and safeguards, including presentations at industry conferences, workshops, Federal Advisory committees and at other federal agencies on the application of security standards and guidelines to support health IT implementations.

National Cybersecurity Center of Excellence (NCCOE) Use Cases:

HIPAA Security Rule Toolkit

The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment.

Podcast on HIPAA Security Toolkit:  Toolkit Helps with Risk Assessments

Security Fact Sheet