Release of the Final Version of Implementing HIPAA Security Rule: A Cybersecurity Resource Guide

The HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) are pleased to announce the publication of the final version of Special Publication (SP) 800-66 Revision 2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide. This revised publication, a collaborative effort between NIST and OCR, includes resources for HIPAA covered entities (most healthcare providers, health plans and healthcare clearinghouses) and their business associates to help them understand the HIPAA Security Rule, drive compliance with the law and bolster security. This is the latest action in this work for HHS, which released a Department-wide cybersecurity strategy for the healthcare sector in December of 2023, and voluntary performance goals to enhance cybersecurity across the health sector in January 2024. The publication provides an overview of the HIPAA Security Rule, strategies for assessing and managing risks to electronic protected health information (ePHI), suggestions for cybersecurity measures and solutions that HIPAA covered entities and business associates might consider as part of an information security program, and resources for implementing the Security Rule.
