NIST Publishes SP 800-66 Revision 2, Implementing the HIPAA Security Rule

From NIST Computer Security Resource Center:

The National Institute of Standards and Technology (NIST) has released the final version of Special Publication (SP) 800-66r2 (Revision 2), “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide”.

SP 800-66 provides guidance for entities regulated by HIPAA on evaluating and managing risks associated with electronic Protected Health Information (ePHI). It outlines typical activities for an information security program and offers advice to improve cybersecurity posture and assist with HIPAA Security Rule compliance.

NIST’s Cybersecurity and Privacy Reference Tool (CPRT) includes mappings of the HIPAA Security Rule’s standards and implementation specifications to NIST Cybersecurity Framework Subcategories and SP 800-53r5 security controls. It also lists NIST publications relevant to each HIPAA Security Rule standard, which can be used as additional resources for implementing HIPAA Security Rule standards and implementation specifications.