NIST is planning to update NIST Special Publication (SP) 800-66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST’s cybersecurity resources have evolved since SP 800-66, Revision 1, was published in 2008, and stakeholders will benefit from guidance that includes references to these updated resources.

The list of topics in the call for comments covers the major areas in which NIST is considering updates, including improvements to the guide and awareness, applications, and uses for the guide. NIST is seeking stakeholder input on the purpose of the Resource Guide to educate readers about information security terms used in the HIPAA Security Rule, amplify awareness of NIST cybersecurity resources relevant to the HIPAA Security Rule, amplify awareness of non-NIST resources relevant to the HIPAA Security Rule, and provide detailed implementation guidance for covered entities and business associates.

Comments received by the deadline will be incorporated to the extent practicable. Once completed, the resulting draft of SP 800-66, Rev. 2, will be provided for public review and comment.

The comment period is open through June 15, 2021 July 9, 2021. See the call for comments for complete details and instructions for submitting comments.