Healthcare is among the most personal services rendered in the society; yet to deliver this care, scores of personnel must have access to intimate patient information. In order to receive appropriate care, patients must feel free to reveal personal information. In return, the healthcare provider must treat patient information confidentially and protect its security. The need to protect patient confidentiality is evident in legal restrictions imposed by state laws and the Federal Health Insurance Portability and Accountability Act of 1996 and as recently amended under the Health Information Technology for Economic and Clinical Health Act. Organizations therefore must determine the appropriateness of all requests for patient information under applicable federal and state law and act accordingly. In fulfilling their responsibilities, healthcare executives should seek to: 1. Limit access to patient information to authorized individuals only. 2. Develop systems that enable organizations to track the use, access and disclosure of health records. 3. Identify special situations that require consultation with senior management prior to use or release of information.