120 workers at a Los Angeles hospital inappropriately accessed celebrities' medical records and personal information from January 2004 to June 2006 without permission. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect patients' personal health information. Failure to comply with HIPAA can result in civil and criminal penalties ranging from $100 per violation up to $1.5 million, depending on the type and severity of the violation.