The National Institute of Standards and Technology (NIST) Updates Guidance on HIPAA Compliance Rules

July 29, 2022

You know that exciting feeling when apps have an update that adds awesome new features?! It’s like Christmas morning over here for us at Abyde. The National Institute of Standards and Technology (NIST) just updated its guidelines and added an awesome new feature! After six years, NIST made a significant update by providing guidance to HIPAA-covered entities to follow the HIPAA Security Rule in order to better safeguard patients’ personal and protected health information. Read below to find out what changes were made to the guidelines. 

The revised guidance connected HIPAA Security Rule items to NIST Cybersecurity Framework subcategories. The advice remains mostly unchanged, with a few minor structural changes and a renewed emphasis on risk assessments and risk management.

NIST Cybersecurity Specialist, Jeff Marron states, “We provide a resource that can assist you with implementing the Security Rule in your own organization, which may have particular needs. Our goal is to offer guidance and resources you can use in one readable publication.”

NIST recommended the following guidelines for practices:

  • Practices should develop a list of vulnerabilities that might be exploited.
  • Practices should discuss the ways in which PHI could be wrongly released.
  • Practices should examine the probable consequences of a malicious attacker exploiting a vulnerability.
  • Practices should define the risk level of an attacker.
  • Practices should document the outcomes of the risk assessment.

NIST Cybersecurity Specialist Jeff Marron also stated, “The identification of vulnerabilities or conditions that a threat could use to cause impact is an important component of risk assessment. While it is necessary to review threats and vulnerabilities as unique elements, they are often considered at the same time.”

It is important to note that HIPAA and cybersecurity operate best as a team, and a practice with both will operate smoothly. We all understand the need for HIPAA compliance, but practices must also understand the importance of cybersecurity. The more funding and resources allocated to IT security staff, the better off the practice will be when cyber threats eventually arise.

Satisfying HIPAA and cybersecurity regulations is critical to safeguarding your practice and patients from a data breach or HIPAA violation. While these are undoubtedly items that should be emphasized regardless of the government’s spending intentions, the recommendations from the government and NIST add a sense of urgency to ensuring that these vital protections are in place. With cyberattacks growing more frequent, ensuring HIPAA compliance is more important than ever.

We were chatting with our partner, Darkhorse Tech, and they explained that HIPAA compliance services provide a framework for security (essential for any dental business), but they do not provide a proactive response to cyber threats. Instead, they provide preventative methods to safeguard your data and keep you in compliance. To have everything covered, your practice needs to adopt an additional layer of security; you should no longer rely exclusively on low-quality anti-virus software to defend you. By enlisting the help of specialists who actively work to prevent an attack before it occurs, react to threats in real time, and stay up to speed on current and emerging dangers, you can shift your security measures from preventative and reactive to proactive.

Darkhorse Tech CMO Brian Ash states, “The latest updates to HIPAA make compliance, reporting, and cyber security even more vital for our clients. While we have been recommending the addition of Abyde for HIPAA compliance for some time, the new guidelines make now the time to commit. Along with Abyde’s software we are making the addition of a Security Operations Center (SOC) our top priority. We vetted many options but are recommending Blackpoint Cyber as our SOC of choice.”

As we can see, NIST gave its Quizlet a great update so that your practice can maintain a good grade in compliance school. So, we think it is time to take a step back and review that NIST guidance so that your practice can always pass the exam! Adequately securing this data begins with a thorough knowledge of what needs to be secured, and that’s why we have the ideal study partner for you (Abyde) to assist you with all of your compliance needs!