The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for the healthcare industry. The new draft publication, “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (NIST Special Publication 800-66, Revision 2),” is designed to help the industry maintain the confidentiality, integrity and availability of electronic protected health information (ePHI).
The revision was developed to better integrate ePHI cybersecurity guidance with other NIST cybersecurity guidance that did not exist when Revision 1 was published in 2008.
“We have mapped all the elements of the HIPAA Security Rule to the Cybersecurity Framework subcategories and to controls in NIST SP 800-53’s latest version,” said Jeff Marron, a NIST cybersecurity specialist. “We have increased our emphasis on the guidance’s risk management component, including integrating enterprise risk management concepts.”
NIST notes that the draft takes into account more than 400 unique responses it received to its pre-draft call for comments last year. Significant changes to the document are highlighted in the publication’s “Note to Reviewers,” which asks readers for thoughts on specific sections.
NIST is accepting comments on the draft until Sept. 21, 2022 via email at: email@example.com.