The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidelines for protecting health data. The draft update will provide a more practical guide for health care providers to comply with government rules on the security of personal health data, the agency said.
The initial draft of the document is titled “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide” (800-66). This draft is the second revision of the document, following the first in 2008.
The healthcare and security community has already had the opportunity to comment on this revision as work progressed over the past year. This preliminary version incorporates more than 400 responses received during that call for comments.
NIST designed the updated document as a resource guide with more concrete steps that can help healthcare organizations comply with the Security Rule, its staff said. NIST also mapped the document’s guidance to other publications produced since the first revision, including the Cybersecurity Framework and its security and privacy controls. Finally, this draft puts more emphasis on risk management than the previous revision.
The updated guide will help businesses implement the HIPAA Security Rule, which the U.S. government first introduced into law in 1996. This rule, which complements a separate privacy rule, sets a standard for protecting electronic personal health information (ePHI). ePHI is a broad catch-all encompassing many types of personal data processed by organizations in the healthcare ecosystem.
The organization is now inviting public comments on the revised document until September 21, 2022.
The advice is timely as healthcare breaches continue to rise. An analysis of U.S. health and human services data in February confirmed expectations that 2021 would be a watershed year for health care breaches, with the number of breaches topping all records.
This month, the Professional Finance Company (PFC), a US healthcare debt collection company, reported a data breach affecting 1.9 million people among more than 650 healthcare providers.