HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. All entities that maintain and/or transmit electronic healthcare data are required to comply.

Links to US Federal Security Standards & Recommendations

Department of Health and Human Services, Educational Series: Security 101 for Covered Entities
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/security101.pdf
Department of Health and Human Services, Educational Series: Administrative Safeguards
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf
Department of Health and Human Services, Educational Series: Physical Safeguards
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf
Department of Health and Human Services, Educational Series: Technical Safeguards
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf
NIST – HIPAA Security Rule Toolkit
http://scap.nist.gov/hipaa/
HIPAA Security Checklist
http://www.ihs.gov/hipaa/documents/ihs_hipaa_security_checklist.pdf

Industry Resources

HIPAA Collaborative of Wisconsin
http://hipaacow.org/resources/
SANS HIPAA Security Policies
http://www.sans.org/security-resources/policies/hipaa.php