The National Institute of Standards and Technology has released the final revision of its special publication titled “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide”.
The document, also referred to as SP 800-66r2, offers guidance for regulated entities, such as HIPAA-covered organizations and their associates, on how they can improve their cybersecurity posture and comply with the HIPAA Security Rule, NIST said Wednesday.
SP 800-66r2 also lists activities that regulated entities can implement as part of an information security program and offers guidance on how risks to electronic protected health information can be assessed and managed.
NIST revised the guide with the help of the Office for Civil Rights within the Department of Health and Human Services. Last year, NIST released a draft version of the special publication for further public comment. That draft had itself incorporated public feedback gathered in 2021.