Most healthcare providers must comply with HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act). Some organizations also need to follow NIST 800-53, state privacy laws (such as CCPA or Texas Medical Privacy Act), and security frameworks like CIS Controls for cybersecurity best practices.