NIST Releases SP 800-66r2: Implementing the HIPAA Security Rule

The National Institute of Standards and Technology (NIST) has recently published Special Publication 800-66r2, titled “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.” This updated guidance provides valuable insights and recommendations for healthcare organizations seeking to comply with the HIPAA Security Rule.

The HIPAA Security Rule mandates that covered entities and business associates implement safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). Compliance with these requirements is essential for bolstering organizational resilience and ensuring the privacy and security of patient data.

NIST’s release of SP 800-66r2 underscores the importance of robust cybersecurity practices in healthcare organizations. By following the guidance outlined in this publication, covered entities and business associates can strengthen their security posture, mitigate risks, and ensure compliance with the HIPAA Security Rule. As threats to the confidentiality and integrity of ePHI continue to evolve, leveraging resources such as SP 800-66r2 is essential for safeguarding patient data and maintaining regulatory compliance.

HHS Office for Civil Rights Resolves Medical Practice Ransomware Cyberattack

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently issued its second-ever settlement for a ransomware...

Key Takeaways from DoorDash’s Settlement with the California Attorney General on Consumer Data Privacy

DoorDash's recent settlement with the California Attorney General regarding allegations of improperly trading consumer personal information has...

Securing America’s Ports: Biden Administration Takes Action on Maritime Cybersecurity

The Biden administration is set to issue an Executive Order to enhance the cybersecurity of U.S. ports and bolster maritime security, supported by a...

FTC Settles Data Broker Settlement Banning Sale of Sensitive Location Data

Organizations that collect, use, purchase, or sell sensitive location data should remain cautious of its data practices and the recent FTC...

New Jersey Enacts Privacy Law

On January 16, 2024, New Jersey became the first state in 2024 to join a growing list of states implementing comprehensive consumer data privacy...