Which acronym governs patient privacy and health information in the United States?

HIPAA governs patient privacy and health information in the United States. HIPAA stands for Health Insurance Portability and Accountability Act, and it created the Privacy Rule and the Security Rule to protect PHI—health information that identifies a patient. The Privacy Rule limits who can access or share PHI and gives patients rights over their records, while the Security Rule requires safeguards for electronic PHI. In everyday practice, this means handling patient data—medical histories, diagnoses, imaging, and billing information—only for legitimate purposes, using secure methods to share data, and keeping records protected from unauthorized access. This protection is especially important in eye care, where sensitive health information is routinely stored and transmitted. Other agencies have different roles: the FDA oversees drugs and medical devices, OSHA focuses on workplace safety, and the ADA addresses accessibility and anti-discrimination; none govern patient health information privacy in the way HIPAA does.