NIST updates HIPAA cybersecurity guidance – Security Magazine

In an effort to help healthcare organizations protect patients’ personal health information, the National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for the healthcare industry. 

NIST’s new draft publication, titled Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (NIST Special Publication 800-66, Revision 2), is designed to help the industry maintain confidentiality, integrity and availability of electronic protected health information, or ePHI. The term covers a wide range of patient data, including prescriptions, lab results, and records of hospital visits and vaccinations. 

“One of our main goals is to help make the updated publication more of a resource guide,” said Jeff Marron, a NIST cybersecurity specialist. “The revision is more actionable so that health care organizations can improve their cybersecurity posture and comply with the Security Rule.” 

Part of HIPAA is the Security Rule, which specifically focuses on protecting ePHI that a health care organization creates, receives, maintains or transmits. NIST does not create regulations to enforce HIPAA, but the revised draft is in keeping with NIST’s mission to provide cybersecurity guidance. NIST’s updated guidance is particularly timely as the U.S. Department of Health and Human Services has noted a rise in cyberattacks affecting health care. 

One of the main reasons NIST developed the revision is to integrate it with other NIST cybersecurity guidance that did not exist when Revision 1 was published in 2008. Since then, NIST has developed its well-known Cybersecurity Framework and repeatedly updated its collection of Security and Privacy Controls (NIST SP 800-53) that organizations can use to tailor their risk management approaches. The new HIPAA Security Rule guidance draft makes explicit connections to these and other NIST cybersecurity resources.

NIST is accepting comments on the draft until Sept. 21, 2022, by email to [email protected].

Maria Henriquez joined Security Magazine in 2019 as its Associate Editor. Since then, she has been covering the security industry and reporting on issues affecting enterprise security leaders, to include cybersecurity, leadership and management, risk and resilience and pressing security challenges facing the industry.  