NIST released updated guidance to help HIPAA-covered entities and business associates assess and manage cybersecurity risks to electronic protected health information and comply with the HIPAA security rule. HHS’ Office for Civil Rights collaborated with NIST on the guidance, last updated in 2008, which identifies activities that a regulated entity might consider implementing as part of an information security program and resources to help in complying with the HIPAA security rule.