Feds will weigh whether cyber best practices were followed when assessing HIPAA fines
Those best practices would need to comply with recommendations from or protecting data from the National Institute of Standards and Technology or some other government-endorsed standards body.
