The Health Insurance Portability and Accountability Act (HIPAA) helps keep entities covered under HIPAA accountable for the privacy and security of patients’ health information. Although electronic health records convert the health information from your paper medical charts into a digital format, they do not change the obligations providers have to keep your health information private and secure. The HIPAA Security Rule requires health care providers to set up physical, administrative and technical safeguards to protect your electronic health information. These safeguards include “access controls,” such as passwords and PINs, to help limit access to your information; “encryption,” so your health information can’t be read or understood except by someone who is authorized to view it; and an “audit trail,” so there is a record of who has accessed your information, what changes were made and when. Once you download your personal health information from your health care provider or plan’s web site, it is your responsibility to protect that information.