The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires covered entities to protect the privacy and security of an individual’s Protected Health Information (PHI) among its other requirements. It applies to any organization that collects, stores or shares PHI, including health plans, healthcare clearinghouses, and healthcare providers who conduct certain financial and administrative transactions electronically, like doctors and hospitals.