The National Institute of Standards and Technology (NIST), seeking to create more usable cybersecurity advice for health care organizations, is updating its HIPAA cybersecurity guidance and has released a draft of the revisions.
The draft, “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide,”[1] is designed to help the industry maintain “the confidentiality, integrity, and availability of electronic protected health information (ePHI).”
“One of our main goals is to help make the updated publication more of a resource guide,” said Jeff Marron, a NIST cybersecurity specialist who authored the draft revisions. Marron called the revised guidance “more actionable.”[2]