Among the myriad questions providers encounter as they move to EHRs is how best to protect the privacy and security of their patients’ health information.

With the goal of helping doctors answer that question, the National Institute of Standards and Technology (NIST) recently released a new, free tool designed to help providers understand and implement the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

Enacted by Congress, the HIPAA Security Rule established a national set of standards for protecting electronic protected health information (EPHI) that is created, transmitted, or maintained by covered entities and their business associates. According to HHS, organizations considered “covered entities” include providers who transmit electronic health information, as well as HMOs, health insurance companies, and company health plans. The law requires "covered entities" and business associates to follow the HIPAA Security Rule.

The NIST toolkit is intended to be a resource that organizations falling under the HIPAA Rule can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved.

According to NIST information security specialist Kevin Stine, "Our HIPAA Security Rule Toolkit is designed to help organizations of all sizes and with varying levels of security expertise to better protect electronic health information." He noted that the application is meant as a self-assessment tool and does not indicate HIPAA Security Rule compliance.

The free toolkit, available from the NIST website, comes with a comprehensive User Guide and a self-contained, stand-alone software application that can run on Windows, Mac and Linux operating systems.

Jeff Rowe blogs regularly at EHRWatch.com.