HIPAA was created to protect individuals' health information by establishing privacy and security standards. It defines rules for protecting personal health information held by covered entities such as health plans, providers, and clearinghouses. The Privacy Rule establishes how personal health information may be disclosed for treatment, payment, and other purposes. The Security Rule specifies safeguards, such as administrative and technical controls, to protect electronic health information. Violations of HIPAA can result in civil penalties of up to $25,000 per person per year, or in criminal penalties such as fines and imprisonment, depending on the nature of the violation.