Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide

Published

Author(s)

Jeffrey Marron

Abstract

The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. This publication provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI and better understand the security concepts discussed in the HIPAA Security Rule.
Citation

Special Publication (NIST SP) - 800-66r2

Report Number

800-66r2

Keywords

administrative safeguards, Health Insurance Portability and Accountability Act, implementation specification, physical safeguards, risk assessment, risk management, Security Rule, standards, technical safeguards.

Citation

Marron, J. (2024), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-66r2, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=957064 (Accessed April 19, 2024)
Created February 14, 2024