Cybersecurity Guidance Updated

In an effort to help healthcare organizations protect patients’ personal health information, the National Institute of Standards and Technology (NIST, https://www.nist.gov) has updated its cybersecurity guidance for the industry.

NIST’s new draft publication is designed to help the industry maintain the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI), which covers a wide range of patient data, including prescriptions, lab results, records of hospital visits, and vaccinations.

HIPAA, a federal law, requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. Part of HIPAA is the Security Rule, which specifically focuses on protecting ePHI that a healthcare organization creates, receives, maintains, or transmits. NIST does not create regulations to enforce HIPAA, but the revised draft will provide cybersecurity guidance.

“One of our main goals is to help make the updated publication more of a resource guide,” said Jeff Marron, NIST Cybersecurity Specialist in the Applied Cybersecurity Division, Information Technology Lab. “The revision is more actionable so that healthcare organizations can improve their cybersecurity posture and comply with the Security Rule.”

The draft takes into account more than 400 unique suggestions received by NIST in response to their pre-draft call for comments last year. Jeff Marron describes the draft as more of a refresh than an overhaul, as the document’s structure has changed only slightly. However, the content has been updated with an increased emphasis on assessment and management of risk to ePHI. He reports that the goal is to provide a resource that is able to offer guidance and resources you can use in one readable publication.

Information on the revised draft publication is at https://www.nist.gov/news-events/news/2022/07/nist-updates-guidance-health-care-cybersecurity.

To submit comments on the draft until September 21, 2022, email sp800-66-comments@nist.gov.