April 25, 2023
For the past 18+ months, the National Institute of Standards and Technology (NIST), in collaboration with the HHS Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, from Revision 1 to Revision 2.
Thank you to all who provided feedback during the open comment period; in total, over 250 unique comments were received from dozens of individuals and organizations. Many commenters suggested that more resources be developed for small, regulated entities. NIST agrees… and anticipates follow-on work in this area—but NIST can’t do it alone and plans to work collaboratively with other agencies, entities, and colleagues to produce useful resources. Stay tuned for more information about this in the coming months.
NIST and OCR are still in the process of carefully adjudicating the comments received. Once all comments are adjudicated, NIST plans to publish a blog or whitepaper detailing the proposed changes to SP 800-66 Rev. 2 (with the goal being to publish a final version of SP 800-66 Rev. 2 later this year).
Thank you for the opportunity to share this update. Reach out with any questions or comments to sp800-66-comments@nist.gov (and follow us on Twitter via @NISTcyber and subscribe to our Cybersecurity Insights blog to stay updated in the future).
