On February 24th, the Office for Civil Rights (OCR), in conjunction with the National Institute of Standards and Technology (NIST) and the Office of the National Coordinator for Health (ONC), released a crosswalk between the Cybersecurity Framework and the Health Insurance Portability and Accountability Act (HIPAA). The crosswalk also includes mappings to other commonly used security frameworks.
Since HIPAA was passed, healthcare organizations have been required to implement security controls; however, healthcare organizations still lack a basic understanding of their cybersecurity risk posture. The National Institute of Standards and Technology developed the Cybersecurity Framework in 2014 to help address this issue. The Cybersecurity Framework enables organizations to align their cybersecurity activities with their business requirements, risk tolerance, and resources. Additionally, the Framework provides a mechanism for management to view and understand their approach to managing cybersecurity risk. The Framework provides a prioritized, flexible, repeatable, performance-based, and cost-effective approach to managing cybersecurity risk.
To learn more about cybersecurity and healthcare, check out this webinar.
The HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework can be found at http://www.hhs.gov/sites/default/files/NIST%20CSF%20to%20HIPAA%20Security%20Rule%20Crosswalk%2002-22-2016%20Final.pdf