The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress on August 21, 1996. Organizations were required to be compliant by April 14, 2003 (April 14, 2004 for small health plans). The law requires any health care provider to meet certain privacy standards with respect to personal health information. The Act specifically states that "a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information." The protection must cover both intentional and unintentional disclosures of personal health information. HIPAA applies to the following: a health plan, which is defined as an individual plan or group health plan that provides, or pays the cost of, medical care; a health care provider, which is defined as a provider of medical or health services and any person or organization who furnishes, bills, or is paid for health care services or supplies in the normal course of business; or a health care clearinghouse, which is considered to be a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements.