This document discusses patient confidentiality and privacy protections under HIPAA. It outlines patients' rights to private medical records and notification of breaches. HIPAA established federal protections for individual health information and charges DHHS and CMS with enforcing privacy and security standards. Violations can result in penalties up to $1.5 million and prison time. Medical records may only be accessed for treatment, billing, auditing, or healthcare operations. Security measures like passwords, audits, and virus software help ensure compliance. Reviewing patient records must follow HIPAA guidelines.