United States of America: Announced Planned updates of NIST SP 800-66

On 5 September 2023, the US National Institute for Standards and Technology (NIST) announced that it would publish a final draft of Special Paper (SP) 800-66 Revision 2 in late 2023. The SP provides guidance on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, which requires regulated entities processing electronic protected health information (ePHI) to protect such information from hazards, and impermissible uses and disclosures. Specifically, the SP provides guidance on topics like risk assessments, risk management, and various types of safeguards. The revision will be based on a public consultation on the SP in 2022. NIST provided details of a number of intended changes, such as providing more resources for small regulated entities, clarifying the definitions of "risk analysis" and "risk assessment", and making changes to the Appendix