Which statute governs the confidentiality of patient information in the United States?

The Health Insurance Portability and Accountability Act (HIPAA) is the statute that governs the confidentiality of patient information in the United States. Enacted in 1996, HIPAA established national standards for the protection of health information and aims to ensure that individuals' medical records and other personal health information are properly safeguarded.

HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, collectively known as covered entities. It sets rules regarding the use and disclosure of protected health information (PHI) and grants patients rights over their own health information, including the right to access their records and request corrections. The legislation also requires covered entities to implement safeguards to protect the privacy of patient information and specifies penalties for violations.

While other acts listed serve important functions—such as the Patient Protection and Affordable Care Act focusing on health insurance coverage, the Family Educational Rights and Privacy Act protecting student education records, and the Food, Drug, and Cosmetic Act regulating food and drug safety—they do not specifically address the confidentiality of patient health information in the same manner as HIPAA. Thus, HIPAA is the correct choice when discussing statutes explicitly governing patient confidentiality.