The landscape of information security in healthcare is a complicated one. There are federal laws and regulations such as HIPAA to safeguard patient privacy, physicians organizations and other groups have formed CCHIT to promote and certify standardized EHR, and healthcare companies have formed the HITRUST Alliance to develop and promulgate security standards for systems and networks handling healthcare data.

This paper serves as a brief guide to this confusing and changing landscape.