The National Institute of Standards and Technology has released a 137-page paper, dated March 2005, detailing how federal agencies should implement the security rule of the 1996 Health Insurance Portability and Accountability Act, also known as HIPAA. NIST, part of the U.S. Department of Commerce, said nongovernmental groups could use the report on a volunteer basis.
HIPAA codifies privacy and security requirements in medical record-keeping. Its security rule details "administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information," according to the U.S. Department of Health and Human Services.
