Which compliance framework governs requirements for the U.S. healthcare industry?