Background: NIST Special Publication (SP) 800-66
Healthcare organizations face many challenges from cybersecurity threats. These threats can have serious impacts on the security of patient data, the quality of patient care, and even the organization’s financial status. Healthcare organizations must also comply with regulatory requirements, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, which focuses on safeguarding the electronic protected health information (ePHI) held or maintained by HIPAA covered entities and business associates (collectively, ‘regulated entities’).
Draft NIST Special Publication (SP) 800-66 Revision 2 provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI. To that end, Draft NIST SP 800-66 Revision 2 aims to help organizations improve their overall cybersecurity posture, while also complying with the Security Rule.