LOGIN Request a call


OCR and NIST Published a Final Version of Cybersecurity Guide for HIPAA Security Rule

19 Mar

Update Applicable to:Effective date
All covered employers under the HIPAASee details below

What happened?

On February 16, 2024, the U.S. Department of Health, and Human Services’ Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a definitive version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.”

What are the details?

The Department of Health and Human Services (HHS) and NIST issued new guidance to provide information and serve as a resource for HIPAA-regulated entities to improve cybersecurity and compliance with the HIPAA Security Rule.

This publication provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard electronic protected health information (ePHI) and better understand the security concepts discussed in the HIPAA Security Rule.

  • The rule requires regulated entities to implement reasonable and appropriate security measures to safeguard, including protecting against reasonably anticipated cybersecurity threats or vulnerabilities to the confidentiality, integrity, and availability of ePHI.
  • The new guidance is designed to be used in whole or in part to help improve cybersecurity and assist with achieving compliance with the Security Rule.

The new guidance highlights that “the Security Rule is flexible, scalable, and technology-neutral…there is no one single compliance approach that will work for all regulated entities.”

Business Considerations

  • The guidance presents various security measures for each standard of the Security Rule with tables designed to implement the requirements of the Security Rule.
  • The guide provides an overview of the HIPAA Security Rule for covered entities, guidelines associated with conducting a risk assessment, risk management guidelines, and considerations when applying the Security Rule.
  • Because the HIPAA Security Rule is flexible by design, there is no standard or single approach for a HIPAA-covered entity to achieve and maintain HIPAA Security Rule compliance, meaning that there is not a one-size-fits-all document to ensure Security Rule compliance.


Source References

Schedule a Call

Learn more about VensureHR and how we can make an impact on your business.

Contact VensureHR

This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.

Keep Your Business Compliant

Fill out the form below to receive monthly Employment Law Updates right in your inbox.

Keep Your Business Compliant

Fill out the form below to receive monthly Employment Law Updates right in your inbox.


You're all set.

Thanks for subscribing. Be on the look out for the Legal HR updates in your email.

Celebrating PEOs!

VensureHR joins the nationwide celebration, reflecting on an industry of excellence in providing payroll, employee benefits, compliance assistance, and HR services to thousands of SMBs across North America.

Tracking Convertion image