HIPAA establishes privacy standards for protected health information (PHI) that aim to give patients more control over their medical records and set boundaries around how health information can be used and shared. It covers all healthcare organizations and providers, who must limit sharing of PHI to those directly involved in treatment, payment, or operations. Violations of HIPAA standards involving improper access to or disclosure of PHI can result in civil fines, criminal charges, and penalties such as suspension, termination, or loss of medical licenses.