NIST OKs contract for HIPAA electronic toolkit

Providers and healthcare organizations looking for additional assistance in meeting the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule may soon get their wish. The National Institute of Standards and Technology (NIST) has awarded a contract to develop an new online toolkit and manual.

The contract, valued at less than $1 million, was awarded to Exeter Government Services of Gaithersburg, MD, to provide the software application, according to Government Health IT. Funding is being provided under the American Recovery and Reinvestment Act.

Target users of the new online tool can range in size from a large nationwide health plan with vast information technology resources to small healthcare providers with limited access to IT expertise, according to NIST in a Jan. 31 announcement on the Federal Business Opportunities website.

The toolkit will enable NIST to use the open checklist interactive language (OCIL), a standard used to express and evaluate non-automated (i.e., manual) security checks, and the extensible checklist configuration description format (XCCDF), which will provide a uniform foundation for expression of security checklists, benchmarks, and other configuration guidance, according to the announcement.

Both of these standards are part of the security content automation protocol (SCAP), which are a set of standards used to monitor, manage, and assess compliance with security configurations in applications and computer systems.

The application will be placed on NIST's website when it is completed.

For more details:
- read this Government Health IT article
- view the article at
- see the Federal Business Opportunities website