Which regulation mandates that organizations secure sensitive personal information?


The Health Insurance Portability and Accountability Act (HIPAA) is specifically designed to protect sensitive personal health information. Enacted in 1996, HIPAA establishes standards for the handling of patient data, ensuring that healthcare providers, insurers, and other related entities implement measures to secure this information and maintain privacy. HIPAA outlines specific requirements for the protection of electronic health records and requires organizations to follow protocols that safeguard personal health information from unauthorized access and disclosure. Compliance with HIPAA is crucial for any organization that deals with personal health data, as it not only protects patients' rights but also imposes penalties for non-compliance.

Other regulations such as FISMA, GDPR, and PCI DSS cover different aspects of data security or protection but do not primarily focus on sensitive personal health information in the way that HIPAA does. FISMA pertains to federal information systems, GDPR addresses data protection and privacy for individuals within the European Union, and PCI DSS governs the security of credit card transactions, emphasizing payment data security rather than health information specifically.
