How data privacy frameworks are evolving, and how they can guide risk-based decisions

Organizations can use the NIST Privacy Framework to help implement, measure, and improve their privacy programs in the face of evolving data privacy rules and risks. Although it cannot replace compliance obligations under the HIPAA Rules, the framework offers core functions and controls to manage privacy risks regardless of organizational size or data type. Implementing a framework can be challenging, but it is essential for healthcare organizations to protect data privacy in light of increasing regulatory enforcement and legislation. Stakeholders must consider data types, regulatory mandates, and conduct routine assessments to mitigate risks.