Date Published: July 21, 2022
Comments Due: October 5, 2022 (public comment period is CLOSED)
Email Questions to: sp800-66-comments@nist.gov
Planning Note (4/25/2023):
The HIPAA Security Rule specifically focuses on protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI), as defined by the Security Rule. All HIPAA-regulated entities must comply with the requirements of the Security Rule.
This draft update:
NIST would appreciate feedback on the following questions (from the Note to Reviewers section):
NOTE: A call for patent claims is included on page v of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
None selected
Publication:
SP 800-66 Rev. 2 (Draft) (DOI)
Local Download
Supplemental Material:
NIST news article (web)
Document History:
04/29/21: SP 800-66 Rev. 2 (Draft)
07/21/22: SP 800-66 Rev. 2 (Draft)
Security and Privacy
general security & privacy
Laws and Regulations
Health Insurance Portability and Accountability Act
Sectors
healthcare