Things You Should Know About HIPAA

The Health Insurance Portability and Accountability Act of 1966 is a law that protects sensitive patient health information by issuing national standards that prohibit its disclosure without the patient's consent or knowledge.

One misconception that people generally have about HIPAA is that all health-related data is secure. It isn't. HIPAA doesn't cover everything.

Entities under HIPAA include (1) healthcare providers such as hospitals, private medical offices, medical professionals, labs, clinics, and pharmacies, and (2) subcontractors or "business associates" which include third-party vendors, health plan providers, and insurance companies.

HIPAA doesn't include pharmaceutical companies, employers, universities, and social media businesses. This means that, for example, giving personal information on Instagram for buying health-related products or services will not be covered by HIPAA in case a data breach occurs.

Employers asking about an employee's health-related concerns will not be considered a HIPAA issue, although it could be a discrimination issue.

Also, universities accessing students' records from the campus health clinic regarding any issue students may be involved in, for example, sexual assault cases or other violent crimes like hazing incidents, is not covered by HIPAA, although it is under the Federal Educational Records and Privacy Act (FERPA).

One way experts suggest to increase one's data security is by enabling two-factor authentication. Also, it is best to avoid connecting through public WiFi to prevent sensitive information from being leaked.

On the part of healthcare providers, getting more secure and efficient software or ERP systems will most likely let doctors focus on being doctors instead of worrying about their patients' data security, just as ZDoggMD's music video above astutely points out.

(Video credit: Dr. Zubin Damania aka ZDoggMD/YouTube)


Newest 1 Comment

As well, HIPAA is not a fixed set of standards but a procedure for creating standards. The Information Security industry has taken initiatives to standardize and audit medical records. The good news is that most pharmacies and other non-HIPAA healthcare organizations follow the same guidelines. Most websites do not.