Any business that provides health care services or deals in any way with medical records needs to stay abreast of developments related to HIPAA, the major privacy law that details the ways in which such information must be secured for the protection of patients. Now, the National Institute of Standards and Technology has released a HIPAA Security Rule Toolkit to assist such businesses as they conduct risk assessments so they can identify the areas in which they need to improve. The toolkit is available free of charge.
According to Kevin Stine from NIST, "My hope is that organizations will use this tool to gain a better understanding of the security controls that they have put in place to protect their health information and to support a more comprehensive risk assessment process." Stine went on to remark that using the toolkit does not necessarily mean that organizations will be in full compliance with all HIPAA standards. Instead, using it will help businesses to understand HIPAA requirements better so they can evaluate their own implementation of the law.
The new HIPAA Security Rule Toolkit is ideally implemented through a managed programs approach. In this model for IT solutions and services, visiting personnel routinely come to a business premises to take care of ongoing tech needs. The toolkit is a good match for this model of IT services because putting it to use in such a manner will not disrupt the workflow of other employees. Instead, the managed programs personnel can implement the toolkit and bring the results to the attention of management.