HIPAA was enacted in 1996 and requires health care providers and organizations (also known as Covered Entities), as well as business associate, to develop and follow procedures to protect the confidentiality and security of protected health information when it is transferred, received, handled, or shared. This includes information in electronic format (ePHI).