Date Published: February 2024
Supersedes:
SP 800-66 Rev. 1 (10/23/2008)
Planning Note (02/14/2024):
See NIST’s Cybersecurity and Privacy Reference Tool (CPRT) for the following content:
- Key activities, descriptions, and sample questions from the tables in Section 5
- Mappings of the HIPAA Security Rule’s standards and implementation specifications to NIST Cybersecurity Framework Subcategories and SP 800-53r5 security controls
- Listings of NIST publications relevant to each HIPAA Security Rule standard
Author(s)
Jeffrey Marron (NIST)
The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. This publication provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI and better understand the security concepts discussed in the HIPAA Security Rule.
The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible...
See full abstract
The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. This publication provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI and better understand the security concepts discussed in the HIPAA Security Rule.
Hide full abstract
Keywords
administrative safeguards; Health Insurance Portability and Accountability Act; implementation specification; physical safeguards; risk assessment; risk management; Security Rule; standards; technical safeguards
Control Families
None selected
