The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established federal regulations that require all organizations that manage Protected Health Information (PHI) to safeguard the privacy and security of their data.

This Act isn't restricted to clinic or healthcare businesses. Any organization that sends or receives Personal Health Information (PHI) is subject to this compliance legislation. Although the legislation has been in force for a while, a 2006 survey of more than 300 healthcare providers and subscribers found that only about half of them are compliant with the HIPAA Security standards.