NIST Seeks Feedback on New Guidance for Healthcare Cybersecurity
The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for the healthcare industry. The new draft publication, “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (NIST Special Publication 800-66, Revision 2),” is designed to help the industry maintain the confidentiality, integrity and availability of electronic protected health information (ePHI).
The revision was developed to better integrate ePHI cybersecurity guidance with other NIST cybersecurity guidance that did not exist when Revision 1 was published in 2008.
“We have mapped all the elements of the HIPAA Security Rule to the Cybersecurity Framework subcategories and to controls in NIST SP 800-53’s latest version,” said Jeff Marron, a NIST cybersecurity specialist. “We have increased our emphasis on the guidance’s risk management component, including integrating enterprise risk management concepts.”
NIST notes that the draft takes into account more than 400 unique responses it received to its pre-draft call for comments last year. Significant changes to the document are highlighted in the publication’s “Note to Reviewers,” which asks readers for thoughts on specific sections.
NIST is accepting comments on the draft until Sept. 21, 2022, via email at sp800-66-comments@nist.gov.
About The Author
MedTech Intelligence Staff
The MedTech Intelligence staff consists of freelance journalists and industry contributing writers with decades of experience in covering medical device issues under the categories of business, market trends, product development, quality, regulatory, and operations.