The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") was enacted to protect the privacy and security of health-related personal information. HIPAA requires institutions that store, transmit, and manage personal medical information to have control over the confidentiality, integrity and availability of this data. The University of Pittsburgh is required by law to maintain privacy and security controls over medical records in its care. The University has established standards for complying with HIPAA. The University has also established specific computer security controls that must be enacted on any University computer system that stores, transmits, or manages HIPAA data.