Update on the Revision of NIST SP 800-66, Implementing the HIPAA Security Rule

NIST to Finalize Special Publication (SP) 800-66 Revision 2 and Collaborate on Resources for Small, Regulated Entities 

For the past 18+ months, NIST, in collaboration with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, from Revision 1 to Revision 2.

Thank you to all who provided feedback during the open comment period; in total, over 250 unique comments were received from dozens of individuals and organizations. Many commenters suggested that more resources be developed for small, regulated entities. We agree and anticipate follow-on work in this area—but we can’t do it alone and plan to work collaboratively with other agencies, entities, and colleagues to produce useful resources (stay tuned for more information about this in the coming months).

NIST and OCR are still in the process of carefully adjudicating the comments received. Once all comments are adjudicated, NIST plans to publish a blog or whitepaper detailing the proposed changes to SP 800-66 Rev. 2 (with the goal being to publish a final version of SP 800-66 Rev. 2 later this year).

Thank you for the opportunity to share this update. Reach out with any questions or comments via sp800-66-comments@nist.gov (and follow us on Twitter via @NISTcyber and subscribe to our Cybersecurity Insights blog to stay updated in the future).
