Signed into US law in 1996, the Health Insurance Portability and Accountability Act (HIPAA) governs how Protected Health Information (PHI) may be used and disclosed within the healthcare industry. Its Security Rule groups the required protections into administrative, physical, and technical safeguards, together with organizational requirements and policies, procedures, and documentation requirements, all subject to a set of general rules that apply across every category. Organizations required to comply (the "covered entities") include healthcare providers such as hospitals, health clinics, nursing homes, doctors, dentists, pharmacies, chiropractors, and psychologists; health plans, including health insurers, company health plans, and government healthcare programs; and healthcare clearinghouses that process health information on their behalf. Since the HITECH Act of 2009, business associates that handle PHI for a covered entity are directly accountable under the Security Rule as well.
ISO/IEC 27001 is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is an international standard that specifies the requirements for establishing, operating, and continually improving an information security management system (ISMS). It can be adopted by any organization, was developed by a committee of information security experts, and is widely treated as an industry best practice. An organization that demonstrates conformance through an audit by an accredited certification body can be certified against ISO/IEC 27001. The standard is commonly used in international business and across many industries, including finance, energy, and telecommunications; in short, any industry that needs to protect sensitive information. It is one of the most popular baseline security frameworks organizations can follow, but because it defines management-system requirements rather than detailed technical controls, it is typically supplemented with other security frameworks.