The General Data Protection Regulation (GDPR), the ePrivacy regulation and the national laws of each EU Member State define strict requirements for the processing of health data, and penalties for non-compliance.
In the United States, the Health Insurance Portability and Accountability Act (HIPAA) defines policies, procedures and guidelines for maintaining the privacy and security of individually identifiable health information, and sets civil and criminal penalties for violations.
More technical requirements are also defined by organizations such as ENISA, OWASP or ISO (e.g. the ISO/IEC 27002 controls). These specify the security controls, security principles and quality management principles that should be applied during software development.
Learn all you need to know about software, security and compliance. Become a security expert.
Take our COMPLIANCE TEST and get the "Compliance in the EU" guide for free. Discover what you need to implement to be compliant.