NIST updates health care community on IT security work.

On July 29, 2003, the Security Health Care Certification and Accreditation Work Group met at NIST to review the latest work at NIST regarding IT security standards and guidelines. Approximately 60 people participated in the meeting, of whom about 90% were private-sector health care service/support providers. The participants were interested in learning about and assessing relevant NIST IT security standards and guidelines they could draw upon to aid the community in complying with requirements of the Health Insurance Portability and Accountability Act (HIPAA) Final Security Rule that was issued by the U.S. Department of Health and Human Services (HHS) in February 2003. The HIPAA Final Security Rule identifies NIST and several IT security documents as sources of information.
NIST provided presentations on draft NIST Special Publication (SP) 800-37, Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems; draft Federal Information Processing Standard 199, Standards for Categorization of Federal Information and Information Systems; the status and overview of forthcoming draft NIST SP 800-53, Guidelines for Selection and Specification of Security Controls for Information Systems; and draft SP 800-50, Building an Information Technology Security Awareness and Training Program. (For copies of the draft documents, see http://csrc.nist.gov/publications/drafts.html.) NIST personnel also briefed the group on a joint NIST and Center for Medicare and Medicaid Services/HHS project to produce a resource guide of NIST information for supporting implementation of the HIPAA Security Rule. URAC (also known as the American Accreditation HealthCare Commission), a 501(c)(3) non-profit charitable organization founded in 1990 to establish standards for the health care industry, is helping to coordinate the health care community in assessing security standards and best practices for health care information systems through the Security Health Care Certification and Accreditation Work Group. Ultimately, the workgroup hopes to develop a common set of health care security standards that will cover security policies, procedures, controls, and auditing practices for IT security in health care information technology systems.

CONTACT: L. Arnold Johnson, (301) 975-3247; 1.johnson@nist.gov.