
NIST SP 800-66

Provides a framework for all HIPAA covered entities to protect electronic protected health information

What Is NIST SP 800-66?

NIST SP 800-66 is part of the National Institute of Standards and Technology (NIST) 800 Series documents that describe U.S. federal government computer security policies, procedures, and guidelines.

“Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide” helps organizations understand and use the set of federal information security requirements adopted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). It provides guidance on how to maintain the confidentiality, integrity, and availability of electronic protected health information (ePHI), which covers a wide range of patient data, including prescriptions, lab results, and records of hospital visits and vaccinations.

At a Glance
Framework: SP 800-66
Region: United States
Released: 2008, revised 2022
SAI360 Solution: Healthcare GRC, Policy Management Dashboard

Why Is NIST SP 800-66 Important?

All HIPAA covered entities are required to protect the confidentiality, integrity, and availability of ePHI. The ePHI that an organization creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures.

NIST security standards and guidelines can be used to support the requirements of HIPAA and help provide a structured yet flexible framework for selecting, specifying, employing, and evaluating the security controls in information systems.

How SAI360 Supports NIST SP 800-66

SAI360 supports HIPAA compliance and information security management within the NIST Cybersecurity Framework by providing a flexible, agile approach to risk management. Our cloud-first software and modern ethics and compliance learning content map risk to requirements, automate assessments, and improve compliance and business performance so you can truly manage your healthcare compliance. SAI360 enables you to make agile decisions using up-to-the-minute dashboards for key metrics to:

  • Strengthen HIPAA and NIST compliance
  • Centralize policy management across your organization
  • Develop a real-time view to manage IT risk

If you are looking to operationalize your system of record for compliance, risk and audit management, SAI360 provides a solution that is ready to help you meet the expectations of auditors, patients, and partners.

