HIPAA Tip: National Security Memorandum-22

On April 30th the White House released National Security Memorandum-22 (NSM-22) on Critical Infrastructure Security and Resilience which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and all-hazard threats.

As the National Coordinator for critical infrastructure security and resilience, the Cybersecurity and Infrastructure Security Agency (CISA) will develop this National Plan to be forward-looking and employ all available federal tools, resources, and authorities to manage and reduce national-level risks, including those cascading across critical infrastructure sectors, which of course includes the healthcare sector.

Building off the priorities of NSM-22, the 2025 National Plan will articulate how the U.S. government will collaborate with partners to identify and manage national risk. NSM-22 details a new risk management cycle that requires Sector Risk Management Agencies to identify, assess, and prioritize risk within their respective sectors and develop sector risk management plans to address those risks.

This will be a fundamentally new approach to U.S. government risk management. In this era of technological advancements and dynamic global volatility, the security and resilience of our critical infrastructure are of paramount importance. Essential systems, including energy grids, water systems, transportation networks, healthcare facilities, and communication systems, are vital for public safety, economic stability, and national security.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.


Dawn Meglino

HIPAA Compliance Specialist, CHPSE, CCSA, CCAP