NIST - The National Institute of Standards and Technology

NIST - The National Institute of Standards and Technology and the excellent guidance they provide to all organizations trying to achieve HIPAA Compliance is the fifth post in our “compliance - why and how” series.

What is so good about NIST?

NIST strengthens the nation’s innovation, trade, public safety, security and jobs. They have a 100-plus-year track record of serving U.S. industry, and the public, with a mission and approach unlike any other agency.

The technology, measurements, and standards that are the essence of the work done by NIST’s laboratories help the U.S. industry to invent superior products and to provide services reliably. NIST also promotes U.S. access to global markets and a fair marketplace for consumers and businesses.

Technology based innovation

Technology-based innovation remains one of the nation’s most important competitive advantages. The new technologies that are determining the global winners in the early 21st century—biotechnology, nanotechnology, information technology, and advanced manufacturing—depend on NIST-developed tools to measure, evaluate, and standardize. The technologies that emerge as a result of the NIST laboratories’ work on these tools and through cost-shared research projects are putting U.S. companies at the forefront of innovation.

Information Technology Laboratory

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure.

ITL develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses. This helps to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. The Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

How does it work?

To understand how regulatory compliance works, it helps to look at it in a Tiered fashion:

Tier 1

Represents overall regulatory requirements and becomes the guide all for subordinate tiers. It references public laws and higher-level authoritative guides.

Tier 2

Becomes the focus of compliance, which requires written policies and procedures to be put in place. The entity must implement policies and procedures designed to comply with the standards, implementation specifications, or other requirements of the law. These policies define the processes and produce the documents which answer the questions of who, what, where and when with regard to compliance.

Tier 3

Becomes the tool that deploys the processes. These processes are in the form of work instructions and position descriptions aiding the workforce in fully understanding how they are responsible for compliance to the regulatory act. They inform the workforce of the requirements that they must fully understand of what is relative to compliance. They answer the question of how. They help define the first level of training objectives and should filter into the overall enterprise-wide training plan.

Tier 4

Is the basis for monitoring assurance that the workforce is complying with the upper tiers. Again, Due Diligence to compliance is strengthened through the third party assessment, which assures that progress toward compliance receives unbiased definition.

Reasonable and Appropriate

In our next post we’ll share our feelings about NIST and how their attitude regarding what is reasonable and appropriate for small companies really encouraged us as we began our HIPAA Compliance initiative. It will encourage you as well.

DTS InfoTech Can Help

Regulatory compliance is the law, but many health care providers are not HIPAA Compliant. If this describes you, we can help you Achieve compliance, Illustrate compliance to auditors and Maintain full compliancy.

Return to main HIPAA page

For more information:

Dedicated to your success,

Wally Moore
General Manager and Compliance Officer
dts|infotech . . . computer networks that work