The Health Insurance Portability and Accountability Act (HIPAA) requires institutions that use identifiable health information to comply with strict privacy standards or face penalties. It sets minimum standards for how medical information may be used and disclosed. Failure to comply can result in fines up to $100 per violation or $25,000 per requirement, and wrongful disclosure can lead to fines of $50,000/1 year or $100,000/5 years imprisonment depending on intent. Multiple state laws have introduced additional standards and penalties beyond HIPAA as well.