NIST and HIPAA

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

Health Care Cybersecurity Update on Guidance

The National Institute of Standards and Technology (NIST) has provided updated guidance for the health care industry. Designed to help with electronically protected health information (ePHI), they have created a new draft titled Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (NIST Special Publication 800-66, Revision 2). The term draft is used because they are seeking comments on this publication until September 21, 2022.

The Goal

This guidance is aligned with the HIPAA Security Rule to protect the confidentiality, integrity, and availability of ePHI. According to Jeff Marron, a NIST cybersecurity specialist, “One of our main goals is to help make the updated publication more of a resource guide. The revision is more actionable so that health care organizations can improve their cybersecurity posture and comply with the Security Rule.”

The Process

NIST has considered the more than 400 unique responses from its pre-draft call from last year. Marron went on to explain that the organization has “mapped all elements of the HIPAA Security Rule to the Cybersecurity Framework subcategories and to controls in NIST SP 800-53’s latest version.” What does that mean? NIST SP 800-53 is a cybersecurity standard and compliance framework. It is flexible and was designed to be updated. This is in order to meet the changing needs of those who it was created to serve as guidance for.

What Should You Do?

This is a resource, not a checklist. HIPAA Secure Now can assist you with HIPAA compliance. Additionally, we can also put strong cybersecurity practices in place to safeguard your business and your patients. If you have comments that you’d like to submit to NIST, you can email them to sp800-66-comments@nist.gov.

This article was originally published on HIPAA Secure Now! and is republished here with permission.