Skip to content

OCR Announces Revision to Publication on Implementing HIPAA Security Rule

On April 29, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that the National Institute for Standards and Technology (NIST) is planning to update the NIST Special Publication (SP) 800—66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The purpose of the publication is to provide security considerations and resources that may provide value when implementing the requirements of the HIPAA Security Rule.

According to the NIST, the revisions will improve the overall readability of the publication by:

  1. educating readers about information security terms used in the HIPAA Security Rule,
  2. amplifying awareness of NIST cybersecurity resources relevant to the HIPAA Security Rule, as well as awareness of non-NIST resources relevant to the HIPAA Security Rule, and
  3. providing detailed implementation guidance for covered entities and business associates.

The NIST is seeking comments from various stakeholders – covered entities, business associates, consultants – about how organizations are implementing the Resource Guide, its application, and its use in practice. The comment period will be open through June 15, 2021. Comments may be submitted via email to:, with “Resource Guide for Implementing the HIPAA Security Rule Call for Comments” in the subject field. Once completed, the resulting draft of SP 800-66, Rev. 2, will be provided for public review and comment.

For our OSHA Review subscribers… for more information on HIPAA compliance, please refer to the November/December 2018 Training Document in Section DX of your OSHA Review binder.

Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.

Back To Top