Date Published: April 29, 2021
Comments Due: July 9, 2021 (public comment period is CLOSED)
Email Questions to:
sp800-66-comments@nist.gov
NIST is planning to update NIST Special Publication (SP) 800-66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST’s cybersecurity resources have evolved since SP 800-66, Revision 1, was published in 2008, and stakeholders will benefit from guidance that includes references to these updated resources. The public is invited to provide input by June 15, 2021 July 9, 2021 for consideration in the update.
The list of topics below covers the major areas in which NIST is considering updates, including improvements to the guide and awareness, applications, and uses for the guide. NIST is seeking stakeholder input on the purpose of the Resource Guide to educate readers about information security terms used in the HIPAA Security Rule, amplify awareness of NIST cybersecurity resources relevant to the HIPAA Security Rule, amplify awareness of non-NIST resources relevant to the HIPAA Security Rule, and provide detailed implementation guidance for covered entities and business associates.
Comments received by the deadline will be incorporated to the extent practicable. Once completed, the resulting draft of SP 800-66, Rev. 2, will be provided for public review and comment.
The comment period is open through June 15, 2021 July 9, 2021. Submit comments to sp800-66-comments@nist.gov with “Resource Guide for Implementing the HIPAA Security Rule Call for Comments” in the subject field.
Submitted comments, including attachments and other supporting materials, will become part of the public record and are subject to public disclosure. Personally identifiable information and confidential business information should not be included (e.g., account numbers, Social Security numbers, names of other individuals). Comments that contain profanity, vulgarity, threats, or other inappropriate language will not be posted or considered.
The following topics are intended to help NIST learn about experiences in applying and using An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”) and explore opportunities for improvement.
Covered entities and business associates have diverse ways of implementing the HIPAA Security Rule. NIST solicits information about how organizations are implementing the Resource Guide, its application, and its use in practice.
[1] To amend the Health Information Technology for Economic and Clinical Health Act to require the Secretary of Health and Human Services to consider certain recognized security practices of covered entities and business associates when making certain determinations, and for other purposes, Pub. L. 116-321 (January 5, 2021). Available at https://www.congress.gov/bill/116th-congress/house-bill/7898
None selected
Publication:
No Download Available
Supplemental Material:
None available
Document History:
04/29/21: SP 800-66 Rev. 2 (Draft)
07/21/22: SP 800-66 Rev. 2 (Draft)
02/14/24: SP 800-66 Rev. 2 (Final)