NIST updates health care community on IT security work.

On July 29, 2003, the Security Health Care Certification and Accreditation Work Group met at NIST to review the latest work at NIST regarding IT security standards and guidelines. Approximately 60 people participated in the meeting, of whom about 90% were private-sector health care service/support providers. The participants were interested in learning and assessing relevant NIST IT security standards and guidelines they could draw upon to aid the community in complying with requirements of the Health Insurance Portability and Accountability Act (HIPAA) Final Security Rule that was issued by the U.S. Department of Health and Human Services (HHS) in February 2003. The HIPAA Final Security Rule identifies NIST and several IT security documents as sources of information. NIST provided presentations on draft NIST Special Publication (SP) 800-37, Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems; draft Federal Information Processing Standard 199, Standards for Categorization of Federal Information and Information Systems; the status and overview of forthcoming draft NIST SP 800-53, Guidelines for Selection and Specification of Security Controls for Information Systems; and draft SP 800-50, Building an Information Technology Security Awareness and Training Program. (For copies of the draft documents, see http://csrc.nist.gov/publications/drafts.html.) NIST personnel also briefed the group on a joint NIST and Center for Medicare and Medicaid Services/HHS project to produce a resource guide of NIST information for supporting implementation of the HIPAA Security Rule.
URAC (also known as the American Accreditation HealthCare Commission), a 501(c)(3) non-profit charitable organization founded in 1990 to establish standards for the health care industry, is helping to coordinate the health care community in assessing security standards and best practices for health care information systems through the Security Health Care Certification and Accreditation Work Group. Ultimately, the workgroup hopes to develop a common set of health care security standards that will cover security policies, procedures, controls, and auditing practices for IT security in health care information technology systems. CONTACT: L. Arnold Johnson, (301) 975-3247; 1.johnson@nist.gov.