| Authors’ citation | What specific topics are covered? | How was SP 800-66 Revision 1 used? | Publishing Year |
| (Gikas, 2010) [17] | Regulatory Compliance Requirements | It was used as an example of one of the sources for implementing the requirements of the HIPAA Security Rule. | 2010 |
| (Pagano & Peterson, 2010) [18] | Regulatory Compliance Requirements | It was used as a reference for access controls on electronic devices | 2010 |
| (Ghafarian & Smith, 2011) [19] | Risk Assessment | It was used as an example of one of the risk assessment methodologies used by United States healthcare | 2011 |
| (Avancha et al., 2012) [20] | Confidentiality, Integrity, Availability (CIA). | It was used as a source to address privacy. Particularly in healthcare mobile technology | 2012 |
| (Rahman & Kreider, 2012) [21] | Electronic Medical Record (EMR) | It was used as a source to explain confidentiality in healthcare organizations | 2012 |
| (Alaqili, 2013) [22] | HIPAA Security Rule. | It was used as a source in developing questionnaires for risk assessment reports in the healthcare domain | 2013 |
| (Meyer et al., 2016) [23] | Security Controls | It was used as a Security and privacy requirement for systems, including healthcare organizations | 2016 |
| (Aranha et al., 2019) [24] | Industrial Internet of Things (IIoT) and Interoperability | It was used as a security standard to describe the security requirements for all types of healthcare environments including medical devices. | 2019 |
| (Valluripally et al., 2019) [25] | Regulatory Compliance Requirements | It was used as a security standard to configure cloud-based system healthcare domain involving Big Data | 2019 |
| (Jabangwe & Nguyen-Duc, 2020) [26] | IoT healthcare software | It was used as an example of the security standard in the United States, particularly from the regulation of the healthcare domain | 2020 |
| (Wilkinson et al., 2021) [27] | HIPAA Security Rule Requirements for the Electronic Medical Record (EMR) | It was used as a reference for the Health Insurance Portability and Accountability Act (HIPAA) because EMRs contain patient event logging data, and Protected Health Information (PHI), which are originally mandated by the Security Rule in HIPAA | 2021 |