Public Comment Period Extended to 10/5 | Implementing the HIPAA Security Rule: Draft NIST SP 800-66, Rev. 2

 The public comment period has been extended for the initial public
draft of NIST Special Publication (SP) 800-66r2 (Revision 2),
Implementing the
Health Insurance Portability and Accountability Act (HIPAA) Security Rule
: A Cybersecurity Resource Guide.
The new comment deadline
is October 5, 2022.

The HIPAA Security Rule specifically focuses on protecting the
confidentiality, integrity, and availability of electronic protected health
information (ePHI), as defined by the Security Rule. All HIPAA-regulated
entities must comply with the requirements of the Security Rule.

This draft:

  • Includes a brief overview of
    the HIPAA Security Rule
  • Provides guidance for regulated
    entities on assessing and managing risks to ePHI
  • Identifies typical activities
    that a regulated entity might consider implementing as part of an
    information security program
  • Lists additional resources that
    regulated entities may find useful in implementing the Security Rule

Please submit comments to through October 5, 2022.
See the publication
for a copy of the draft and instructions for submitting

NOTE: A call for patent claims is included on page v of this
draft. For additional information, see the
Information Technology Laboratory (ITL) Patent Policy –
Inclusion of Patents in ITL Publications