(ISC)2 Certified in Cybersecurity Practice Exam

What is the primary U.S. federal law regarding the regulation of healthcare information?

• A. General Data Protection Regulation
• B. Health Insurance Portability and Accountability Act
• C. Confidentiality Act
• D. Affordable Care Act

The correct answer is: Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) is the primary U.S. federal law that regulates healthcare information. Enacted in 1996, HIPAA was designed to protect sensitive patient information from being disclosed without the patient's consent or knowledge. It sets national standards for the protection of health information and establishes rules for the privacy and security of protected health information (PHI). Under HIPAA, covered entities such as healthcare providers, health plans, and healthcare clearinghouses are required to implement safeguards to ensure the confidentiality, integrity, and availability of PHI. This includes administrative, physical, and technical safeguards to protect information from unauthorized access and disclosure. While other laws, like the General Data Protection Regulation (GDPR), the Confidentiality Act, and the Affordable Care Act, relate to aspects of healthcare or data privacy, they do not specifically address the comprehensive regulation of healthcare information as HIPAA does. The GDPR is focused on data protection and privacy in the European Union, the Confidentiality Act lacks prominence and specificity concerning healthcare, and the Affordable Care Act is primarily concerned with health insurance reform rather than the detailed regulations surrounding the handling of health information.