In a concerted effort to fortify cybersecurity and privacy practices within the healthcare sector, government regulators and industry councils unveil two pivotal guidance resources. These publications arrive at a critical juncture as the Biden administration intensifies efforts to elevate cybersecurity standards across the healthcare landscape.
The first guidance resource, a joint publication titled “Special Publication 800-66 Revision 2, Implementing the HIPAA Security Rule,” is released by the Department of Health and Human Services’ Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST). This document offers comprehensive insights for HIPAA-covered entities and business associates, facilitating the mapping of the HIPAA Security Rule’s standards to NIST Cybersecurity Framework subcategories and SP 800-53r5 security controls. As a supplement, NIST provides additional resources addressing specific cybersecurity topics relevant to the healthcare sector.
Simultaneously, the Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group issues a complementary guide focused on harmonizing privacy and cybersecurity functions within healthcare entities. This resource aims to bridge existing gaps and streamline collaboration between privacy and security teams, enabling organizations to enhance overall compliance and operational efficiencies.
Both guidance resources are poised to equip healthcare sector entities with practical strategies and best practices to navigate the evolving cybersecurity landscape effectively. By fostering collaboration and providing tailored frameworks, these publications empower organizations to strengthen their cybersecurity posture and safeguard sensitive patient information and critical IT infrastructure.