The Department of Health and Human Services’ office of civil rights has released a crosswalk document in an effort to help healthcare organizations understand the overlap between the Health Insurance Portability and Privacy Act Security Rule and the National Institute of Standards and Technology’s Cybersecurity Framework.
OCR developed the document in collaboration with NIST and the Office of the National Coordinator for Health IT, HHS said Feb. 23.
The document also aims to help healthcare groups identify gaps in their cybersecurity programs and implement measures meant to safeguard electronic health data.
The crosswalk also includes mappings of different categories to other security frameworks such as the Council on Cybersecurity Critical Security Controls and Control Objectives for Information and Related Technology Edition 5.
Those categories include asset management, risk assessment, access control, data security and information protection procedures.