Look Out for the HIPAA Crosswalk
To help organizations covered by the Health Insurance Portability and
Accountability Act (HIPAA) bolster their security posture, the Office for
Civil Rights (OCR) has released a “crosswalk,” developed with the National
Institute of Standards and Technology (NIST) and the Office of the National
Coordinator for Health IT (ONC), that identifies “mappings” between the NIST
Framework for Improving Critical Infrastructure Cybersecurity (the
Cybersecurity Framework) and the HIPAA Security Rule. The crosswalk also
includes mappings to other commonly used security frameworks. Entities covered
by HIPAA must implement strong data security safeguards in their environments
and, in particular, comply with the HIPAA Security Rule to ensure the
confidentiality, integrity, and availability of all of the electronic protected
health information (ePHI) they create, receive, maintain or transmit.
subject to HIPAA, including all self-funded plans, EAPs, FSAs, HRAs and HSAs,
should ensure they are HIPAA-compliant.
For complete details, see the “crosswalk” guidance.
- For more information on how to ensure HIPAA compliance, and other resources, see Security Rule Guidance Material.