If you're a covered entity, you should pay close attention to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Many doctors, dentists, chiropractors and other covered entities unknowingly violate one or more of the requirements set forth in the Security Rule, placing their practices at risk of fines and corrective action. Thankfully, there's a free-to-use tool available to covered entities and business associates to promote greater compliance with the HIPAA Security Rule.
Produced by the National Institute of Standards and Technology (NIST), the HIPAA Security Toolkit Application is designed to help covered entities and business associates understand the nuances of the HIPAA Security Rule and its requirements. It also provides advice on how to implement those requirements and reduce the risk of breaches of, and unauthorized access to, electronic protected health information (ePHI).
Originally released October 31, 2011, the HIPAA Security Toolkit Application has become an essential tool in HIPAA compliance. Whether you operate a small family medical practice or a national healthcare network, you can use the Toolkit to improve compliance with the HIPAA Security Rule.
While NIST doesn't focus solely on HIPAA, it's been involved in healthcare technology and compliance since 1994. As such, NIST has joined forces with the Department of Health and Human Services (HHS) to produce this free-to-use Toolkit. The Security Toolkit Application should be used to supplement a covered entity's or business associate's existing efforts to comply with the HIPAA Security Rule.
More specifically, the NIST HIPAA Security Toolkit Application addresses all 45 implementation specifications required under the Security Rule. Furthermore, it provides information on basic security practices, security vulnerabilities, risk management, personnel issues and more. While neither HHS nor the Office of Civil Rights (OCR) requires covered entities to use the HIPAA Security Toolkit Application, doing so will almost certainly prove beneficial in maintaining compliance with the Security Rule and its specifications.
It's also worth mentioning that the HIPAA Security Toolkit Application does NOT cover the HIPAA Privacy Rule. Rather, it focuses specifically on Security Rule compliance. Covered entities should seek guidance for Privacy Rule compliance elsewhere.
You can download the NIST HIPAA Security Toolkit Application for Microsoft Windows computers by visiting https://scap.nist.gov/hipaa/downloads/Setup_HSR_Toolkit.exe. For Apple Mac computers, visit https://scap.nist.gov/hipaa/downloads/HSRToolkit.dmg. For complete instructions on how to use the Toolkit, check out the official user guide at https://scap.nist.gov/hipaa/NIST_HSR_Toolkit_User_Guide.pdf.