NIST Plans to Update HIPAA Security Guidance – Asks for Comments

Sheppard Mullin Richter & Hampton LLP

Recently, the National Institute of Standards and Technology (NIST) requested comments to its Resource Guide for implementing the HIPAA Security Rule. (i.e., SP 800-66). This Guide, first released in 2008, summarizes the HIPAA Security Rule standards and explains the structure and organization of the Security Rule.

Since the Guide’s original publication, cyberattacks and threat conditions have changed significantly. As such, NIST is seeking stakeholder input to improve the Guide. Namely, it wants to understand how covered entities and business associates have used and applied the Guide in implementation of cybersecurity programs. NIST’s three key objectives with the Guide are to:

  • educate readers about information security terms used in HIPAA Security Rule,
  • amplify awareness of non-NIST resources relevant to the HIPAA Security Rule, and
  • provide detailed implementation guidance for covered entities and business associates.

Specifically, NIST has asked for feedback about what components of the Guide are used, including which aspects are least helpful and what sections might be missing. NIST also wants to understand how the Guide could be more useful and relatable to a variety of audiences, such as small health care providers, health plans, and health care clearinghouses (among others). NIST is also looking for information about how the guide is used in a practical manner to implement a data security program. For example, organizations submitting comments may want to provide input about the tools, resources, or techniques used to implement the HIPAA Security Rule.

Putting it Into Practice: The NIST website provides a more detailed list of suggested areas for feedback. NIST invites comments through June 15, 2021 at In the subject field, comments should be labeled as “Resource Guide for Implementing the HIPAA Security Rule Call for Comments”. After that date, a revised version will be provided for public review and comment.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.