Federal Regulators Unveil Revised Final Guidance for Healthcare Cybersecurity and HIPAA Compliance | Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for regulated healthcare entities to follow to improve cybersecurity and compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

Quick Hits

  • HHS and NIST issued new guidance to provide information and serve as a resource for HIPAA-regulated entities to improve cybersecurity and compliance with the HIPAA Security Rule.
  • The guidance comes after HHS announced a new carrots-and-sticks strategy to improve cybersecurity in the healthcare industry with additional resources and a proposal to increase civil penalties for data breaches to incentivize security measures.

The 122-page guidance, “Special Publication (SP) 800-66 Revision 2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide,” provides information and resources to HIPAA-covered entities—healthcare providers, health plans, healthcare clearinghouses, and their business associates—for them to…
