With worry about cyberattacks on health data networks at an all-time high, the Department of Health and Human Services’ Office for Civil Rights (OCR) is drawing on the National Institute of Standards and Technology (NIST) for help in shoring up healthcare organizations’ compliance with the HIPAA Security Rule.
Late last month, OCR released its “crosswalk” to the NIST Cybersecurity Framework, a set of tools and information to help HIPAA covered entities and their business associates better comply with the security rule.
The crosswalk correlates, or maps, security rule regulations to NIST’s “Framework for Improving Critical Infrastructure Cybersecurity,” the Ice Miller Strategies LLC law firm blog reported.
“Organizations that have already aligned their security programs to either the NIST Cybersecurity Framework or the HIPAA Security Rule may find this crosswalk helpful as a starting place to identify potential gaps in their programs,” according to OCR. “Addressing these gaps can bolster their compliance with the Security Rule and improve their ability to secure ePHI and other critical information and business processes.”
In a release announcing the crosswalk, OCR added: “The need for health care organizations to up their game on health data security has never been greater.”
OCR said the crosswalk also supports President Obama’s Cybersecurity National Action Plan, announced Feb. 9.
The so-called Hollywood hospital hack in February was the latest high-profile cyberattack on a health system.
A SearchHealthIT survey last year found that security is paramount in health IT buying decisions.
Health data cybersecurity was also a hot topic at the HIMSS 2016 show in Las Vegas last week.