HHS Releases Crosswalk Between HIPAA Security Rule and NIST Framework

The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) recently released a “crosswalk” developed with the National Institute of Standards and Technology (NIST) mapping the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the NIST Framework for Improving Critical Infrastructure Cybersecurity (the Framework). This crosswalk was developed to help healthcare organizations improve cybersecurity preparedness by using the Framework as a common language. The crosswalk also includes mappings to other commonly used security frameworks.

The NIST Framework was released in 2014 to provide a voluntary framework to assist companies in reducing cyber risks to critical infrastructure. This Framework has been voluntarily adopted as the standard for companies to follow when evaluating cybersecurity issues across various industries, including the healthcare industry. Companies subject to HIPAA must implement strong security safeguards to comply with the HIPAA Security Rule, and many have adopted the NIST Framework to do so.

This crosswalk can serve as a tool for covered entities and business associates to evaluate potential gaps in HIPAA compliance and the steps necessary to achieve compliance with HIPAA obligations. While the HIPAA Security Rule does not mandate use of the NIST Framework, and compliance with the NIST Framework does not guarantee HIPAA compliance, the crosswalk allows companies to identify and manage security risks in a comprehensive way.
