Page 58 - Cyber Defense eMagazine for June 2021
In February 2016, the OCR published a crosswalk connecting the HIPAA Security Rule with the National
Institute of Standards and Technology’s (NIST) Cybersecurity Framework. This document maps the
overlaps between the two frameworks. Because the Security Rule offers flexible and scalable guidance,
aligning it with the NIST Cybersecurity Framework allows Covered Entities to identify and correct
vulnerabilities in their cybersecurity. By complying with NIST’s Cybersecurity Framework and
implementing the necessary HIPAA safeguards, healthcare organizations can protect themselves from
even the most serious data breaches and subsequent consequences, while ensuring HIPAA compliance.
Moving forward, the events of 2020 look set to change the way we approach data security, and we can
anticipate reforms being made to legislation in 2021. The HHS has already hinted that change may be on the
horizon for the Privacy Rule; perhaps plans for the Security Rule are also being considered.
The last major overhaul to HIPAA legislation was in 2013, with the Final Omnibus Rule. This rule
introduced many of the privacy and security recommendations of HITECH. However, much has changed
in the cybersecurity landscape since 2013, and the threats facing healthcare organizations today are far
more advanced. Ransomware is a case in point: the onslaught of this malware happened well after 2013. So
it is understandable why some people are calling for a major shakeup.
Looking at the healthcare technology trends, cybersecurity will remain a key focus of the healthcare
industry over the coming year, as we learn from our experiences during the pandemic and look to better
protect our valuable patient data, including big data analytics as this becomes more commonplace. It
remains to be seen whether the OCR will take this opportunity to update HIPAA regulations, taking into
account the evolution in cyberattacks that were not accounted for when the law was enacted.
About the Author
Dr. Rachael Bailey is a Healthcare IT Content Consultant at Atlantic.Net.
She is a graduate of the University of Chester and a postgraduate of the University
of Liverpool, with a Ph.D. in Gastroenterology and Cell Biology and a first-class
degree in Biomedical Sciences. She is an experienced and passionate
medical writer and an expert in writing scientific documents, regulatory-related
documents, and articles discussing US Healthcare and Compliance.
Rachael can be reached online at https://www.atlantic.net/
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.