NCHICA Academy

The NIST Privacy Framework is designed to help organizations:

• Identify, assess, manage, and communicate privacy risks
• Develop innovative approaches to protect individuals’ privacy
• Increase trust in products and services
• Have a tool that would assist with enterprise privacy risk management

Process-oriented privacy principles (such as the Fair Information Practice Principles) are an important component of an overall privacy strategy, but on their own have not achieved consistent and measurable results in privacy protection. In the security field, risk management models, along with technical standards and best practices, are key components of improving security. The NIST Privacy Framework applies successful security methodology, with clearly stated objectives and measurable outcomes, to the protection of privacy.

The Privacy Framework incorporates standards, frameworks, models, methodologies, tools, guidelines, and principles utilized by organizations to identify, assess, manage, and communicate privacy risk at the management, operational, and technical levels. Compatible with existing legal and regulatory regimes, the healthcare industry will find the Framework useful in meeting the compliance requirements of the HIPAA Privacy Rule. Designed to integrate with the NIST Cybersecurity Framework, healthcare organizations may combine the Cybersecurity and Privacy Frameworks to incorporate compliance with HIPAA’s Security and Privacy Rules into the Enterprise Risk Management program.

Participants will be able to:

• Recognize the primary sources for current privacy management practices
• Discuss the relationship between privacy and security risks
• Compare and contrast NIST’s Cybersecurity and Privacy Frameworks
• Describe the structure and purpose of the NIST Privacy Framework
• Understand how to use the NIST Privacy Framework in their organizations