The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created to protect sensitive health information from being disclosed without the patients’ consent. The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general issue penalties for HIPAA violations, and these penalties can be devastating for healthcare companies.