Marron, J.
(2024),
Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule A Cybersecurity Resource Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-66r2, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=957064
(Accessed October 16, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule A Cybersecurity Resource Guide
Published
Author(s)
Abstract
The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. This publication provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI and better understand the security concepts discussed in the HIPAA Security Rule.Citation
Special Publication (NIST SP) - 800-66r2
Report Number
800-66r2
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
administrative safeguards, Health Insurance Portability and Accountability Act, implementation specification, physical safeguards, risk assessment, risk management, Security Rule, standards, technical safeguards.
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created February 14, 2024