The initial public draft of NIST Special Publication (SP) 800-66r2
(Revision 2), Implementing the
Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A
Cybersecurity Resource Guide, is now available for public comment.
The HIPAA Security Rule specifically focuses on protecting the
confidentiality, integrity, and availability of electronic protected health
information (ePHI), as defined by the Security Rule. All HIPAA-regulated
entities must comply with the requirements of the Security Rule.
This draft update:
- Includes a brief overview of
the HIPAA Security Rule - Provides guidance for regulated
entities on assessing and managing risks to ePHI - Identifies typical activities
that a regulated entity might consider implementing as part of an
information security program - Lists additional resources that
regulated entities may find useful in implementing the Security Rule
A public comment period is open
through September 21, 2022. See the publication
details for a copy of the draft and instructions for submitting
comments.
NOTE:
A call for patent claims is included on page v of this draft. For additional
information, see the Information
Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL
Publications.