HIPAA was passed in 1996 to establish standards for privacy and security of health records. It requires healthcare workers to protect patient confidentiality and only disclose the minimum necessary information for treatment. HIPAA also sets compliance standards for electronic transactions, privacy, security, and identifiers. Violations can result in civil penalties up to $25,000 per violation or criminal penalties such as fines up to $250,000 and imprisonment.