HIPAA Tip: HIPAA Security Rule & National Institute of Standards and Technology

The HIPAA Security Rule addresses the Administrative, Physical and Technical Safeguards that must be put in place to ensure the Confidentiality, Integrity and Availability (CIA) of all Protected Health Information (PHI) that a Covered Entity and its Business Associates are responsible for securing.

What does the National Institute of Standards and Technology (NIST) have to do with the HIPAA Security Rule, you ask?

During the National HIPAA Summit, the HIPAA Security Rule safeguard standards and implementation specifications were discussed at great length. A required specification is just what it says: a HIPAA requirement. An addressable specification must also be “addressed”; it is NOT an option. However, the addressable category was developed to provide Covered Entities and Business Associates additional flexibility with respect to complying with the HIPAA Security Rule. And now back to NIST.

Although the federal government and its contractors and subcontractors must follow NIST security standards, the HIPAA Rules are not encompassed by these requirements. Because NIST develops compliance best practices in its Special Publications (SP) around the HIPAA Security Rule, conducting Risk Assessments and the Cybersecurity Framework, these publications act in conjunction with HIPAA Rule guidance. Take advantage of the valuable informational tools NIST has to offer to assist your organization when it comes to HIPAA compliance and security best practices.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.