HIMSS Comments on NIST Pre-Draft Call for Comments on Revision to An Introductory Resource Guide for Implementing HIPAA Security Rule

On July 7, HIMSS submitted a letter in response to an update of an Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. In the letter, HIMSS strongly supported the National Institute of Standards and Technology’s (NIST) decision to update the Resource Guide to include improvements to the guide and an increase in awareness, applications and uses for it.

As dramatic changes in technology and data use have occurred since the initial document (SP-800, Revision 1), HIMSS stressed the importance of ensuring that Revision 2 aligned with the current state of relevant laws and regulations, most notably the HITECH Act and the HIPAA Omnibus Rule. Furthermore, HIMSS encouraged NIST to include materials that would educate its users on the implications of the new interoperability rules stemming from the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid (CMS) and how these rules work hand-in-hand with patient right of access provisions of the HIPAA Privacy Rule.

Moreover, HIMSS recommended that NIST also consider including a variety of existing NIST references and other federal resources that provide guidance relative to ransomware and threats.

After this revision is completed, HIMSS recommended NIST amplify overall awareness of this resource to encourage stakeholder engagement, use and understanding of the significance of the updates. HIMSS welcomes the opportunity to continue to be a resource to NIST in the effort of engaging and educating cybersecurity professionals on how to best leverage its content.