HIPAA: Health Insurance Portability and Accountability Act - Primary federal law governing healthcare privacy and security requirements for protected health information (PHI)
HITECH Act: Health Information Technology for Economic and Clinical Health Act - Extends HIPAA requirements and strengthens enforcement of privacy and security protections
21st Century Cures Act: Federal law promoting interoperability and preventing information blocking in healthcare technology systems
Americans with Disabilities Act: Federal law ensuring accessibility requirements in healthcare services and technology systems
Civil Rights Act: Federal law containing non-discrimination provisions that must be reflected in healthcare system access and usage policies
HIPAA Privacy Rule: Specific regulations establishing national standards for the protection of individuals' medical records and other personal health information
HIPAA Security Rule: Establishes national standards for securing electronic protected health information including administrative, physical, and technical safeguards
HIPAA Enforcement Rule: Sets standards for enforcing HIPAA rules, including compliance requirements and penalty structures
HIPAA Breach Notification Rule: Requires covered entities to notify individuals, HHS, and in some cases the media, of a breach of unsecured protected health information
Computer Fraud and Abuse Act: Federal law prohibiting unauthorized access to protected computer systems, including healthcare information systems
Electronic Communications Privacy Act: Federal law setting standards for electronic communications privacy that affects healthcare communications systems
CAN-SPAM Act: Federal law governing electronic communications that impacts healthcare-related electronic messaging and marketing
FISMA: Federal Information Security Management Act - Provides framework for protecting government information, including healthcare data in federal systems
State Data Breach Laws: Various state-specific requirements for notification and handling of data breaches involving healthcare information
State Privacy Laws: State-specific privacy regulations (such as CCPA) that may impose additional requirements on healthcare data handling
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for organizations to better manage and reduce cybersecurity risks in healthcare
NIST SP 800-53: Security and privacy controls standard that provides detailed guidance for implementing technical security measures in healthcare systems
HITRUST CSF: Healthcare-specific security framework that harmonizes various standards and regulations into a single overarching security framework
Joint Commission Requirements: Healthcare accreditation standards that include requirements for information management and technology use in healthcare settings
Professional Licensing Requirements: State-specific healthcare professional licensing requirements that may impact system access and use policies
