From FISMApedia

NIST SP 800-66

A designation applied to 21 of the HIPAA Security Rule's 42 implementation specifications. To meet the addressable implementation specifications, a covered entity must:

(i) Assess whether each implementation specification is a reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting the entity's electronic protected health information; and

(ii) As applicable to the entity:
    (A) Implement the implementation specification if reasonable and appropriate; or
    (B) If implementing the implementation specification is not reasonable and appropriate:
        (1) Document why it would not be reasonable and appropriate to implement the implementation specification; and
        (2) Implement an equivalent alternative measure if reasonable and appropriate.

(45 C.F.R. Sec. 164.306(d)(3))