‘Unboxing’ the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide

Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or litigation often focus on whether the entity followed recognized security practices. The National Institute of Standards and Technology (NIST) Cybersecurity Framework has long been one of the most widely recognized sources of recommended security practices, even as some of its guidance has become outdated. This is especially true for its HIPAA security guidance, as the NIST publication “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule” was published in 2008. Office for Civil Rights investigations now routinely ask for evidence that an organization has implemented “recognized security practices”, typically in alignment with the NIST Cybersecurity Framework. The challenges presented by aging NIST guidance cause frustration for many of our clients.

But in a move that feels long overdue, NIST has finally published a draft update to its healthcare cybersecurity
