June 24, 2021

Volume XI, Number 175

Advertisement

June 23, 2021

Subscribe to Latest Legal News and Analysis

June 22, 2021

Subscribe to Latest Legal News and Analysis

June 21, 2021

Subscribe to Latest Legal News and Analysis

NIST Plans to Update HIPAA Security Guidance – Asks for Comments

Recently, the National Institute of Standards and Technology (NIST) requested comments to its Resource Guide for implementing the HIPAA Security Rule. (i.e., SP 800-66). This Guide, first released in 2008, summarizes the HIPAA Security Rule standards and explains the structure and organization of the Security Rule.

Since the Guide’s original publication, cyberattacks and threat conditions have changed significantly. As such, NIST is seeking stakeholder input to improve the Guide. Namely, it wants to understand how covered entities and business associates have used and applied the Guide in implementation of cybersecurity programs. NIST’s three key objectives with the Guide are to:

  • educate readers about information security terms used in HIPAA Security Rule,

  • amplify awareness of non-NIST resources relevant to the HIPAA Security Rule, and

  • provide detailed implementation guidance for covered entities and business associates.

Specifically, NIST has asked for feedback about what components of the Guide are used, including which aspects are least helpful and what sections might be missing. NIST also wants to understand how the Guide could be more useful and relatable to a variety of audiences, such as small health care providers, health plans, and health care clearinghouses (among others). NIST is also looking for information about how the guide is used in a practical manner to implement a data security program. For example, organizations submitting comments may want to provide input about the tools, resources, or techniques used to implement the HIPAA Security Rule.

Putting it Into Practice: The NIST website provides a more detailed list of suggested areas for feedback. NIST invites comments through June 15, 2021 at sp800-66-comments@nist.gov. In the subject field, comments should be labeled as “Resource Guide for Implementing the HIPAA Security Rule Call for Comments”.  After that date, a revised version will be provided for public review and comment.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 134
Advertisement
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement
Advertisement

About this Author

Julia Kadish is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

Areas of Practice

Julia's practice focuses on data breach response and preparedness, reviewing clients' products and services for privacy implications, drafting online terms and conditions and privacy policies, and advising clients on cross-border data transfers and compliance with US and international privacy regulations and standards. She also workes on drafting and negotiating software licenses, data security exhibits, big data licenses, professional...

312.499.6334
Associate

Susan Ingargiola is an associate in the Corporate Practice Group in the firm's New York office.

Areas of Practice

Susan advises healthcare organizations, including hospitals, health systems, insurers, community health centers, health information exchange organizations, pharmaceutical and biotechnology companies, and mobile app developers on health information privacy issues, including compliance with HIPAA and state medical record confidentiality laws, as well as other compliance- related matters. She conducts regulatory diligence in connection with...

212-896-0624
Ariana Stobaugh Corporate Attorney Sheppard Mullin Law Firm Century City
Associate

Ariana Stobaugh is an associate in the Corporate Practice Group in the firm's Century City office and is a member of the firm’s Healthcare team.

Areas of Practice

Ariana advises healthcare organizations on business, regulatory and transactional matters.

Prior to joining Sheppard Mullin, she worked as a high school English teacher in Los Angeles.  While attending law school at USC Gould School of Law, she served as an extern at Public Counsel and Neighborhood Legal Services....

424-288-5301
Advertisement
Advertisement