The National Institute of Standards and Technology (NIST) has issued draft guidance titled "
Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide," NIST Special Publication 800-66, Revision 2 (the Resource Guide), to assist HIPAA-regulated entities of all sizes understand and implement the HIPAA Security Rule. NIST does not promulgate regulations to enforce HIPAA -- the Resource Guide is meant to provide HIPAA-regulated entities with cybersecurity guidance to help maintain the confidentiality, integrity, and availability of electronic protected health information (ePHI) in accordance with the HIPAA Security Rule. You can read and access the draft guidance using the link below. Comments on the draft are due by October 5, 2022.
https://csrc.nist.gov/publications/detail/sp/800-66/rev-2/draft