Security - Health Information Technology

Summary

Organizations need standards, guidelines, and other publications in order to effectively and efficiently manage their security programs, protect their information and information systems, and protect patient privacy. Collaborating with stakeholders, NIST provides standards, guidelines, tools and technologies to protect information systems, including health information technology (IT) systems, against threats to the:

  • Confidentiality of information
  • Integrity of information and processes
  • Availability of information and services

Description

Specifically in the area of health IT, NIST researchers are:

  • Leveraging security automation principles and specifications to develop baseline security configuration checklists and toolkits to aid organizations in implementing the HIPAA Security Rule standards and implementation specifications.
  • Developing a harmonized set of security principles for use in establishing architectures supporting the exchange of health information.
  • Conducting outreach and awareness on security challenges, threats and safeguards, including presentations at industry conferences, workshops, Federal Advisory committees and at other federal agencies on the application of security standards and guidelines to support health IT implementations.

National Cybersecurity Center of Excellence (NCCOE) Use Cases:

HIPAA Security Rule

HIPAA Security Rule Toolkit

The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment.

Podcast on HIPAA Security Toolkit: Toolkit Helps with Risk Assessments

HIPAA Conference Presentations:

Health Information Exchange (HIE) Security Architecture

Security Fact Sheet

Created March 22, 2017, Updated September 20, 2019