Blog Compliance
HIPAA Security Overhaul and Incentives for Cyber Performance Goals? The HHS Introductory Strategy for Healthcare Sector Cybersecurity is a Game Changer
Read NIST 800-665 Minute Read
The Ultimate TPRM & Cyber Risk Glossary
When in doubt, use an acronym.
Whether you’re a seasoned healthcare CISO or you’re new to the industry and convinced people are just making up acronyms—this glossary has you covered. From standard industry frameworks to CORL-specific terms, it’s your Rosetta Stone for healthcare TPRM, cyber risk, and compliance.
Understanding NIST 800-66
NIST 800-66 is a specialized guide developed by the National Institute of Standards and Technology to assist healthcare organizations in implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This framework provides technical guidance on protecting electronic protected health information (ePHI), ensuring that healthcare providers, insurers, and their third-party vendors maintain strict data security and privacy standards. NIST 800-66 is vital for assessing third-party vendors who handle or process health information, as compliance with this framework helps mitigate the risk of data breaches and ensures HIPAA alignment.
The NIST 800-66 guide outlines key security practices for ePHI, including access control, audit trails, encryption, and risk assessment, to help organizations achieve HIPAA compliance. For companies working with healthcare data, ensuring that third-party partners follow NIST 800-66 guidelines is critical for maintaining regulatory compliance and protecting patient data. Implementing this framework strengthens the organization’s defenses against data breaches and reduces legal and financial risks associated with non-compliance in the healthcare industry.