Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Summary
Organizations need standards, guidelines, and other publications in order to effectively and efficiently manage their security programs, protect their information and information systems, and protect patient privacy. Collaborating with stakeholders, NIST provides standards, guidelines, tools and technologies to protect information systems, including health information technology (IT) systems, against threats to the:
- Confidentiality of information
- Integrity of information and processes
- Availability of information and services
<RETURN TO THE HEALTH INFORMATION TECHNOLOGY (IT) HOME PAGE>
Description
Specifically in the area of health IT, NIST researchers are:
- Leveraging security automation principles and specifications to develop baseline security configuration checklists and toolkits to aid organizations in implementing the HIPAA Security Rule standards and implementation specifications.
- Developing a harmonized set of security principles for use in establishing architectures supporting the exchange of health information.
- Conducting outreach and awareness on security challenges, threats and safeguards, including presentations at industry conferences, workshops, Federal Advisory committees and at other federal agencies on the application of security standards and guidelines to support health IT implementations.
National Cybersecurity Center of Excellence (NCCOE) Use Cases:
- Securing Telehealth Remote Patient Monitoring Ecosystem
Helping to secure the telehealth ecosystems at both healthcare delivery organizations and the patient home environments. Learn more about this project. - Securing Picture Archiving and Communication System
Providing guidance for securing the PACS ecosystem in healthcare sector organizations. Learn more about this project and download the NIST Cybersecurity Practice Guide, SP 1800-24. - Securing Wireless Infusion Pumps
Helping Healthcare Delivery Organizations secure wireless infusion pumps on an enterprise network. Learn more about this project and download the NIST Cybersecurity Practice Guide, SP 1800-8. - Securing Electronic Health Records on Mobile Devices
A platform for healthcare providers to securely document, maintain, and exchange electronic patient information among mobile devices. Learn more about this project and download the NIST Cybersecurity Practice Guide, SP 1800-1.
HIPAA Security Rule
HIPAA Security Rule Toolkit
The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment.
Podcast on HIPAA Security Toolkit: Toolkit Helps with Risk Assessments (link is external)
HIPAA Conference Presentations:
- 2019 HIPAA Conference
- 2015 HIPAA Conference
- 2014 HIPAA Conference
- 2013 HIPAA Conference
- 2012 HIPAA Conference
- 2011 HIPAA Conference (link is external)
Health Information Exchange (HIE) Security Architecture
<RETURN TO THE HEALTH INFORMATION TECHNOLOGY (IT) HOME PAGE>