Date Published: July 21, 2022
Comments Due: October 5, 2022 (public comment period is CLOSED)
Email Questions to: sp800-66-comments@nist.gov
Planning Note (9/19/2022):
The due date for submitting comments has been extended to October 5, 2022 (it was originally September 21, 2022). Please see the Announcement section below for some specific feedback that NIST is seeking.
The HIPAA Security Rule specifically focuses on protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI), as defined by the Security Rule. All HIPAA-regulated entities must comply with the requirements of the Security Rule.
This draft update:
NIST would appreciate feedback on the following questions (from the Note to Reviewers section):
NOTE: A call for patent claims is included on page v of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
None selected
Publication:
SP 800-66 Rev. 2 (Draft) (DOI)
Local Download
Supplemental Material:
NIST news article (web)
Document History:
04/29/21: SP 800-66 Rev. 2 (Draft)
07/21/22: SP 800-66 Rev. 2 (Draft)
Security and Privacy
general security & privacy
Laws and Regulations
Health Insurance Portability and Accountability Act
Sectors
healthcare