NIST revises healthcare guidance to improve HIPAA security rule compliance

The draft publication 800-66 focuses on helping inform the industry about security issues around electronic protected health information, or ePHI, which runs the gamut of patient data from lab results to hospital visits within the context of the HIPAA Security Rule. Also included are resources made available to help healthcare organizations protect ePHI from ransomware and phishing, two common threats that are rapidly evolving. The draft document includes advisories for education, training and awareness of personnel at healthcare organizations, as well as methods to help protect organizational data and the resources that store and access ePHI, including zero-trust architecture and digital identity guidelines. In June, the HHS published guidance on "strengthening cyber posture," but healthcare organizations continue to ask for more government help managing their security challenges.