NIST explores automating health security compliance

By Mary Mosquera

The National Institute of Standards and Technology (NIST) is exploring the use of advanced software tools that could automatically check whether certain health information transactions complied with security requirements, including the Health Insurance Portability and Accountability Act (HIPAA).

In a business notice, NIST said it wants to identify firms that could use the security content automation protocol (SCAP), a set of specifications enabling users to depend on common computer settings for meeting security requirements, for transactions involving health information.

Software equipped with SCAP can monitor and verify security settings as well as confirm that patches have been installed on applications.

Because SCAP tools are standards-based, systems that use them can exchange security information. SCAP tools can detect if an application does not adhere to a security setting and can automatically convey that information.

According to the NIST announcement, the vendor would use SCAP to develop security configuration profiles for common platforms and operating systems used in healthcare.

Some federal agencies already use SCAP specifications to test the common Federal Desktop Core Configuration for Microsoft Windows XP and Vista as part of federal cyber-security requirements.

More information on SCAP is available here.

The agency announced its plan on the Federal Business Opportunities Web site Jan. 14. Vendors must respond by Jan. 29.