HIPAA Safe Harbor Security Practices
The bill defines 'Recognized Security Practices' as "standards, guidelines, best practices, methodologies, procedures, and processes developed under section 2(c)(15) of the NIST Act, the approaches promulgated under section 405(d) of the Cybersecurity Act of 2015."
The aim is to reduce potential sanctions, penalties, and the length of audits when cybersecurity best practices are followed.
HITRUST believes the legislation will encourage healthcare organizations to take a more proactive approach to HIPAA compliance.
HITRUST Certification is recognized for protecting healthcare data.
The NIST Informative References in version 1.1 of the NIST Cybersecurity Framework document include CIS CSC, COBIT, ISA 62443-2-1 and 62443-3-3, ISO/IEC 27001, and NIST SP 800-53.
The NIST Online Informative Reference (OLIR) Catalog contains Informative References such as NIST IR 8286, NIST SP 800-171, NIST SP 800-181, and the HITRUST CSF.