- About CW
- Topics
- Events
- Research
- Awards
- CW Connect
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
Proposed NIST cybersecurity guide incorporates HIPAA Security Rule
By 
Jaclyn Jaeger2022-08-04T14:56:00
The National Institute of Standards and Technology (NIST) is seeking comment on proposed new cybersecurity guidance intended to help healthcare organizations that fall under the regulatory umbrella of the Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule.
On July 21, NIST published revised Special Publication 800-66, “Implementing the [HIPAA] Security Rule: A Cybersecurity Resource Guide,” its first update since the original version was published in 2008.
NIST said it developed the revised guidance, in part, to integrate it with other cybersecurity resources that didn’t exist in 2008, including its Cybersecurity Framework and revisions made to its Security and Privacy Controls (NIST SP 800-53).
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefHHS reports: Compliance reviews, health data breaches up
The number of compliance reviews by the Department of Health and Human Services of health organizations increased between 2017 and 2021, according to the agency’s latest reports to Congress.
-
News BriefSens press telehealth firms on alleged sharing of patient data for ads
A bipartisan group of senators is leaning on three telehealth firms accused of tracking and sharing patients’ sensitive personal information with advertising platforms like Google and Facebook.
-
News BriefBanner Health to pay $1.25M over HIPAA Security Rule lapses
Banner Health agreed to pay $1.25 million as part of a settlement with the Department of Health and Human Services addressing violations of the Health Insurance Portability and Accountability Act Security Rule regarding a 2016 data breach.
More from Cybersecurity
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumFinancial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.