Which law provides federal protections for the storage and disclosure of patients' mental and physical health information?

HIPAA, or the Health Insurance Portability and Accountability Act, is the law that provides federal protections for the storage and disclosure of patients' mental and physical health information. Enacted in 1996, HIPAA established national standards for the protection of health information, ensuring that patient data is kept confidential and secure. It includes provisions that govern the privacy and security of individuals' medical records and other personal health information.

HIPAA's regulations apply to health care providers, health plans, and health care clearinghouses that conduct certain health care transactions electronically. The law not only emphasizes the importance of maintaining the integrity and security of health information but also grants patients rights over their own health information, including the right to access their records and choose who can see their information.

In contrast, the other laws mentioned serve different areas: the DMCA (Digital Millennium Copyright Act) focuses on copyright laws and digital rights, SOX (Sarbanes-Oxley Act) deals with financial reporting and corporate governance, and FISMA (Federal Information Security Management Act) pertains to information security for federal agencies. These laws do not specifically address the privacy and protection of patients' health information like HIPAA does.