According to a recent announcement from NIST they are looking to update their Resource Guide and would like input from stakeholders. The announcement includes the areas that they are considering updating, “including improvements to the guide and awareness, applications, and uses for the guide.”

NIST outlines discussion topics for improvements and application, implementation, and uses of the Resource Guide, “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.”

These topics include:

  • Describe what content of the Resource Guide is being used and how you are using it.
  • Describe what components of the Resource Guide have been least useful to you and why.
  • Share any key concepts or topics that you believe are missing from the Resource Guide, including what they are and why they merit special attention.
  • Describe how your organization manages compliance and security simultaneously (i.e., how your organization achieves compliance with the HIPAA Security Rule while also improving cybersecurity posture).
  • Describe how your organization assesses risk to ePHI (electronic protected health information) and how this assessment leads to the identification of appropriate security controls/practices.

If you have used the Resource Guide in the past and think your feedback could be helpful, make sure to visit the NIST website and submit your feedback by June 15th!