Security Rule Guidance MaterialIn this section, you will find educational materials to help you learn more about the HIPAA Security Rule and other sources of standards for safeguarding electronic protected health information (e-PHI). Security Rule Educational Paper Series The HIPAA Security Information Series is a group of educational papers which are designed to give HIPAA covered entities insight into the Security Rule and assistance with implementation of the security standards. Security 101 for Covered Entities Administrative Safeguards Physical Safeguards Technical Safeguards Organizational, Policies and Procedures and Documentation Requirements Basics of Risk Analysis and Risk Management Security Standards: Implementation for the Small Provider HIPAA Security GuidanceHHS has developed guidance to assist HIPAA covered entities in complying with the risk analysis requirements of the Security Rule. Risk Analysis HHS has also developed guidance to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of and access to e-PHI. Remote Use National Institute of Standards and Technology (NIST) Special PublicationsNIST is a federal agency that sets computer security standards for the federal government and publishes reports on topics related to IT security. The following special publications are provided as an informational resource and are not legally binding guidance for covered entities. NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems NIST Special Publication 800-52: Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST Special Publication 800-66: An Introductory Resource Guide for Implementing the HIPAA Security Rule NIST Special Publication 800-77: Guide to IPsec VPNs NIST Special Publication 800-88: Computer Security NIST Special Publication 800-111: Guide to Storage Encryption Technologies for End User Devices NIST Special Publication 800-113: Guide to SSL VPNs Federal Information Processing Standards Publication 140-2
|