United States Healthcare Data Breaches: Insights for NIST SP 800-66 Revision 2 from a Review of the NIST SP 800-66 Revision 1

Healthcare security and privacy breaches are occurring in the United States (US), and increased substantially during the pandemic. This paper reviews the National Institute of Standards and Technology (NIST) publication base as an effective solution. The NIST Special Publication 800-66 Revision 1 was an essential standard in US healthcare, which was withdrawn in February 2024 and superseded by SP 800-66 Revision 2. This review investigates the academic papers concerning the application of the NIST SP 800-66 Revision 1 standard in the US healthcare literature. A systematic review method was used in this study to determine current knowledge gaps of the SP 800-66 Revision 1. Some limitations were employed in the search to enforce validity. A total of eleven articles were found eligible for the study. Consequently, this study suggests the necessity for additional academic papers pertaining to SP 800-66 Revision 2 in the US healthcare literature. In turn, it will enhance awareness of safeguarding electronic protected health information (ePHI), help to mitigate potential future risks, and eventually reduce breaches.