The National Institute of Standards and Technology is seeking comments on a draft document that provides updated cybersecurity guidance for health care organizations to help them ensure the availability, integrity and confidentiality of patients’ electronic protected health information or ePHI.
The revised draft publication, titled Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, aligns with the Cybersecurity Framework, Security and Privacy Controls and other cybersecurity resources of NIST, the agency said Thursday.
The draft publication takes into consideration over 400 responses that NIST received in 2021 and focuses on the management and assessment of risk to ePHI, including lab results, prescriptions and records of vaccinations and hospital visits.
“We have increased our emphasis on the guidance’s risk management component, including integrating enterprise risk management concepts,” said Jeff Marron, a cybersecurity specialist at NIST.
Comments are due Sept. 21.
