Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Implementing the HIPAA Security Rule: Call for Comments on SP 800-66, Revision 1
April 29, 2021

(6/2/21) The comment period has been extended through July 9, 2021.


NIST is planning to update NIST Special Publication (SP) 800-66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST’s cybersecurity resources have evolved since SP 800-66, Revision 1, was published in 2008, and stakeholders will benefit from guidance that includes references to these updated resources.

The list of topics in the call for comments covers the major areas in which NIST is considering updates, including improvements to the guide and awareness, applications, and uses for the guide. NIST is seeking stakeholder input on the purpose of the Resource Guide to educate readers about information security terms used in the HIPAA Security Rule, amplify awareness of NIST cybersecurity resources relevant to the HIPAA Security Rule, amplify awareness of non-NIST resources relevant to the HIPAA Security Rule, and provide detailed implementation guidance for covered entities and business associates.

Comments received by the deadline will be incorporated to the extent practicable. Once completed, the resulting draft of SP 800-66, Rev. 2, will be provided for public review and comment.

The comment period is open through June 15, 2021 July 9, 2021. See the call for comments for complete details and instructions for submitting comments.

Related Topics

Security and Privacy: general security & privacy

Laws and Regulations: Health Insurance Portability and Accountability Act

Created April 29, 2021, Updated June 02, 2021