HIPAA-covered entities—including healthcare providers, insurers, and business associates—must follow certain rules governing the way protected health information (PHI) is collected, shared, and used. PHI includes everything from patient demographic information to test and lab results. Passed by Congress in 1996, HIPAA is a dense piece of legislation that has serious implications for virtually all medical professionals. A HIPAA violation as simple as mentioning identifiable patient information in passing—during a staff lunch, for example—could cost your clinic upwards of $50,000 in fines. As HIPAA-covered entities, physical therapists, occupational therapists, and speech-language pathologists must stay compliant with all HIPAA policies.