The National Institute of Standards and Technology is developing an online toolkit and electronic user manual to help providers and health plans understand and establish the requirements for the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
NIST has awarded a contract valued at less than $1 million to Exeter Government Services of Gaithersburg, Md., to provide the software application.
The electronic tool will also assist organizations in assessing how well they have applied the safeguards in their operations. When the toolkit is complete, NIST will post it to its website, according to a Jan. 31 announcement on the Federal Business Opportunities website.
The HIPAA Security Rule has established standards to protect the confidentiality of electronic personal health information that is created, received, used or stored by covered entities, such as physicians, hospitals and insurance plans, and by their business associates.
The software will contain questions and activities to guide users in making sure they comply with the rule's requirements.
With the online tool, NIST will have the chance to expand use of both the open checklist interactive language (OCIL), a standard means to express and evaluate manual security checks, and the extensible checklist configuration description format (XCCDF), which provides a foundation for expression of security checklists and other security configuration guidance, the announcement said.
Both standards are components of the security content automation protocol (SCAP), a set of standards used to monitor, manage and assess adherence to security configurations in applications and computer systems.