I'm in the UK and our rules are different, we don't have anything directly equivalent to HIPAA (I suspect because we don't currently have the huge number of private hospitals/doctors the US has) in fact even finding out the exact standards you'd have to comply with for the UK is a challenge.
GDPR is good in that regard as the standards are high and apply to more than just electronic storage/interchange.
GDPR is good in that regard as the standards are high and apply to more than just electronic storage/interchange.