
NIST revises healthcare guidance to boost HIPAA Security Rule compliance

The National Institute of Standards and Technology announced an update to its healthcare cybersecurity guidance, placing a larger focus on the guidance’s risk management component, including integrating enterprise risk management concepts.


The draft publication 800-66 is intended to inform on security issues around electronic protected health information, or ePHI, which runs the gamut of patient data from lab results to hospital visits within the context of the HIPAA Security Rule.

The HIPAA Security Rule, which aims to protect the confidentiality, integrity and availability of ePHI, is divided into six main sections, which range from general rules and administrative safeguards to technical and physical safeguards.

The guidance also focuses on the new challenges posed by telehealth and telemedicine technologies, along with cloud services and mobile device technology.

Also included are resources to help healthcare organizations protect ePHI from ransomware and phishing, two common threats that are rapidly evolving.

The draft document includes advisories for education, training and awareness of personnel at healthcare organizations, in addition to solutions to help protect organizational data and the resources that store and access ePHI, including zero-trust architecture and digital identity guidelines.


The U.S. Department of Health and Human Services has noted a rise in cyberattacks affecting healthcare.

The number of data breaches at hospitals, health systems, health plans and elsewhere continues to cause significant challenges across the healthcare industry, with incidents reported in June impacting organizations including Kaiser Permanente and Atrium Health, which fell victim to attack.

In May, hackers allegedly sponsored by North Korea targeted health systems in Kansas and Colorado, which complied with the ransomware demands through bitcoin payments that the FBI recovered just earlier this week.

In June, the HHS published guidance on “strengthening cyber posture,” but healthcare organizations continue to need more government help managing their security challenges.

A June report from the Ponemon Institute found few organizations in healthcare and elsewhere are investing adequately in identity and access management (IAM) technologies, which may also help providers cut costs.

PeaceHealth’s IAM automation program, for instance, helped save the business thousands of dollars.


“One of our main goals is to help make the updated publication more of a resource guide. The revision is more actionable so that healthcare organizations can enhance their cybersecurity posture and adhere to the Security Rule,” said Jeff Marron, a NIST cybersecurity specialist.

“We offer a resource to guide you with implementing the Security Rule in your organization, which might have particular needs,” he said. “Our goal is to offer guidance and resources you can use in a single readable publication.”

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
