The use and disclosure of patient medical information originally was protected by a patchwork of state laws, leaving gaps in the protection of patients’ privacy and confidentiality. The . Congress recognized the need for national patient record privacy standards in 1996 when they enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This law encouraged electronic transactions to lower health care costs, but also required new safeguards to protect the security and confidentiality of that information. All medical records and other individually identifiable health information used or disclosed by a covered entity in any form, whether electronically, on paper, or orally, are covered
