Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule



Matthew A. Scholl, Kevin M. Stine, Joan Hash, Pauline Bowen, L A. Johnson, Carla Dancy Smith, Daniel Steinberg


Special Publication 800-66 Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Probability and Accountability Act (HIPAA) Security Rule, which discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security Rule, was written to help educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule, direct readers to helpful information in other NIST publications on individual topics the HIPAA Security Rule addresses, and aid readers in understanding the security concepts discussed in the HIPAA Security Rule. This publication does not supplement, replace, or supersede the HIPAA Security Rule itself. [Supersedes SP 800-66 (March 2005):]
Special Publication (NIST SP) - 800-66 Rev 1
Report Number
800-66 Rev 1


Information Security, Healthcare, HIPAA, security rule
Created October 23, 2008, Updated February 19, 2017