Which act includes privacy and security rules to protect PHI?

Protecting patient information within healthcare is governed by a law that combines two main safeguards: a Privacy Rule and a Security Rule. The Privacy Rule defines how PHI can be used and disclosed and gives individuals rights over their records, such as access and control. The Security Rule requires organizations to put in place safeguards—administrative procedures, physical protections, and technical measures—to guard electronic PHI from unauthorized access or breaches. This framework applies to covered entities like healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. While other regulations may protect personal data in broader contexts, HIPAA is the specific act that addresses privacy and security protections for PHI.