NIST Updates Guidance For Healthcare Security
Summary Of The Research
- NIST’s updated cyber security-related guidance is timely as the U.S. Department of Health and Human Services reported a significant increase in cybersecurity attacks affecting healthcare organizations.
- One of the NIST cybersecurity framework’s most important collections is Security and Privacy Controls (NIST SP 800-53), which can help organizations with a better approach to the risk management process.
- The new draft provides more than 400 unique responses NIST received from the community in its pre-draft stage last year.
- The new draft is intended to help an organization ensure the confidentiality, integrity, and availability of the ePHI that it creates, receives, maintains, or transmits.
- NIST is seeking comments on the draft publication until Sept. 21, 2022.
What Happened?
NIST has updated its cybersecurity guidance for the healthcare industry in an effort to help healthcare organizations protect patients’ personal health information.
The U.S. federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) is intended to improve the efficiency and effectiveness of the health care system by creating national standards that protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
Under HIPAA, any information that can be used to identify a patient is considered to be Protected Health Information (PHI), and Electronic protected health information (ePHI) represents data including:
- Patient data
- Names
- Dates
- Location
- Contact information
- Physical identity information
- Prescriptions
- Lab results
NIST’s intention is not to create regulations to enforce HIPAA, but to revise the draft to align with its mission to provide and improve cyber security guidance.
NIST’s original cyber security guidance was published in 2008, and the updated guidance is meant to integrate into the NIST cyber security framework and other resources that were developed after the original guidance.
One of the NIST cyber security framework’s most important collections is Security and Privacy Controls (NIST SP 800-53), which can help organizations with a better approach to the risk management process.
NIST has released a new draft publication, a cyber security resource guide titled Health Insurance Portability and Accountability Act Security Rule (NIST Special Publication 800-66, Revision 2), which is designed to help the industry maintain the CIA triad (confidentiality, integrity and availability) for ePHI.
The new draft provides more than 400 unique responses NIST received from the community in its pre-draft stage last year.