Certified Professional in Health Care Risk Management (CPHRM) Practice Exam 2026 - Free CPHRM Practice Questions and Study Guide

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the correct answer because it was specifically designed to protect patient privacy and secure individual's health information. HIPAA establishes national standards for the protection of health information and requires healthcare organizations to implement safeguards to ensure the confidentiality and integrity of patient data.

This legislation includes provisions that limit the use and disclosure of individuals' health information, mandates the adoption of administrative, physical, and technical safeguards for protecting health data, and gives patients rights over their own health information, such as the right to access and request amendments to their records.

The other acts mentioned do not primarily focus on patient privacy protections. While the Patient Protection and Affordable Care Act (PPACA) addresses a range of health care issues, including access and affordability, it does not specifically target patient privacy. The Medicare Access and CHIP Reauthorization Act (MACRA) primarily relates to payment reforms in Medicare and Medicaid rather than privacy. The Employee Retirement Income Security Act (ERISA) deals mainly with pension and welfare benefit plans but does not focus on healthcare privacy protections. This context reinforces why HIPAA is uniquely positioned as the act that imposes specific patient privacy requirements in healthcare settings.