HIPAA was passed in 1996 to protect individuals' health information by establishing privacy and security standards. It applies to covered entities like health plans, providers, and clearinghouses, as well as their business associates. HIPAA regulates the use and disclosure of protected health information. HITECH, passed in 2009, strengthened HIPAA by adding breach notification requirements for covered entities and business associates to notify individuals and the government when unsecured health data is compromised.