Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data.
(Centers for Medicare and Medicaid services, 2008)
Any personally identifiable patient information you have, MUST be secured.
HIPAA allows for stiff penalties for non-compliance
YOU are responsible for patient information and HIPAA compliance