This document discusses protected health information (PHI) and the risks of PHI breaches. PHI refers to any individually identifiable patient information including names, addresses, social security numbers, and dates. Breaches can occur through end users, back-end users, or human error such as sharing passwords or incorrect data sharing practices. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was developed to establish privacy and security policies around PHI and penalties for violations. Organizations can prevent breaches by enforcing strong security policies like multi-factor authentication and restricting physical access to PHI. Violations of PHI confidentiality may result in termination or legal action.