HIPAA establishes standards to protect patients' private health information and maintain its confidentiality. To improve confidentiality, a health care organization should train all staff on HIPAA laws regarding privacy, have them sign confidentiality agreements, and conduct regular reviews of privacy policies and penalties for violations. Repeated training through posting privacy laws and quarterly reviews is key to ensuring compliance. Violations can result in fines up to $1.5 million depending on the nature of the infraction.