Yolanda Sims, JD, MHA
KAMMCO, Loss Prevention & Risk Management Advisor
As health care organizations continue to focus on information protection and implementing the best cybersecurity practices, one recognized security practice source is reevaluating their resource guide. The National Institute for Standards and Technology(NIST) is planning to update the NIST Special Publication (SP) 800—66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST is seeking to do the following:
- Increase awareness of relevant NIST cybersecurity resources,
- Increase awareness of relevant non-NIST resources relevant to compliance with the HIPAA Security Rule, and
- Provide HIPAA Security Rule implementation guidance that is more reflects of the current and ever-changing cyber threat landscape and best practices for covered entities and business associates
Although the previous version of the Resource Guide was released in 2008, it is still relevant. Recognizing that covered entities and business associates have diverse ways of implementing the HIPAA Security Rule, NIST is soliciting feedback about how organizations are implementing the Resource Guide. Specifically, NIST wants to know what aspects of the guide have been useful, what aspects have not, and the reasoning supporting your perspective.
CALL FOR COMMENTS HERE:https://csrc.nist.gov/publications/detail/sp/800-66/rev-2/draft.
The comment period is open through June 15, 2021. Comments may be submitted via email to: sp800-66-comments@nist.gov with “Resource Guide for Implementing the HIPAA Security Rule Call for Comments” in the subject field. Once completed, the resulting draft of SP 800-66, Rev. 2, will be provided for public review and comment.
For more information on risk management or loss prevention and professional liability issues, contact Yolanda Sims at ysims@kammco.com.
SOURCES
1. U.S. Department of Health and Human Service, Office of Civil Rights
2. Hitting the Reset Button: NIST Seeks Comments on Version 2.0 of HIPAA Security Rule Compliance Guidance National Law Review Volume XI, Number 130