The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, controls the way healthcare providers and health plans must handle privacy and security of patient information. Organizations affected by HIPAA must be compliant or risk investigation by the Office of Civil Rights and possible fines and penalties.
 HIPAA's primary purpose is to ensure that protected health information (PHI) is properly handled. PHI is any health information created or received (electronic records, paper records and spoken communication) that could identify a specific person. One of the most obvious pieces of PHI is a patient's medical record.