Printer Friendly, PDF & Email

The NIST Privacy Framework: An enterprise risk management tool

Karen Greenhalgh ( is Managing Principal and Founder of Cyber Tygr in Virginia Beach, VA.

Protecting the privacy rights of individuals has become a primary goal of governments and organizations around the globe. In the U.S., Congress is considering an American version of the EU’s General Data Protection Regulation (GDPR), and the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is under scrutiny. The healthcare industry, still struggling with HIPAA and facing increasing privacy regulation, is recognizing that current cybersecurity and compliance programs are not structured to meet privacy needs. But how is the privacy of individuals to be effectively managed? By applying outcome-based methodology, the new National Institute of Standards and Technology (NIST) Privacy Framework treats privacy as a manageable risk.[1] This approach to privacy enables privacy compliance practitioners to state goals and achieve a measurable outcome for individuals’ privacy.

This document is only available to members. Please log in or become a member.