NIST’s Planned Updates to Implementing the HIPAA Security Rule



Cybersecurity Insights

a NIST Blog

NIST’s Planned Updates to Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide

Background: NIST Special Publication (SP) 800-66

Healthcare organizations face many challenges from cybersecurity threats. These threats can have serious impacts on the security of patient data, the quality of patient care, and even the organization’s financial status. Healthcare organizations must also comply with regulatory requirements, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, which focuses on safeguarding the electronic protected health information (ePHI) held or maintained by HIPAA covered entities and business associates (collectively, ‘regulated entities’).

Draft NIST Special Publication (SP) 800-66 Revision 2 provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI. To that end, Draft NIST SP 800-66 Revision 2 aims to help organizations improve their overall cybersecurity posture, while also complying with the Security Rule. 
