NIST Updates Guidance for Health Care Cybersecurity

NIST Updates Guidance for Health Care Cybersecurity

Credit: N. Hanacek/NIST


In an effort to help health care organizations protect patients’ personal health information, the National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for the health care industry. 


NIST’s new draft publication, formally titled Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (NIST Special Publication 800-66, Revision 2), is designed to help the industry maintain the confidentiality, integrity and availability of electronic protected health information, or ePHI. The term covers a wide range of patient data, including prescriptions, lab results, and records of hospital visits and vaccinations. 


“One of our main goals is to help make the updated publication more of a resource guide,” said Jeff Marron, a NIST cybersecurity specialist. “The revision is more actionable so that health care organizations can improve their cybersecurity posture and comply with the Security Rule.” 


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. Part of HIPAA is the Security Rule, which specifically focuses on protecting ePHI that a health care organization creates, receives, maintains or transmits. NIST does not create regulations to enforce HIPAA, but the revised draft is in keeping with NIST’s mission to provide cybersecurity guidance. NIST’s updated guidance is particularly timely as the U.S. Department of Health and Human Services has noted a rise in cyberattacks affecting health care. 


NIST is seeking comments on the draft publication until Sept. 21, 2022.


One of the main reasons NIST ..

Support the originator by clicking the read the rest link below.