The Health Insurance Portability and Accountability Act (HIPAA) Security Rule established rules and regulations around the protection of personal healthcare information (written and electronic) that is used, maintained, and created by what is called a Covered Entity. Covered Entities originally included ambulatory physician practices, surgery centers, hospitals, health care insurance companies/plans, and claims clearing houses. In 2013, the Security Rule was modified to require any business associate or business partner of a Covered Entity that has access to patient information must also take the appropriate steps to safeguard patient health information. HIPAA requires that all Covered Entities perform various information security tasks in order to have the appropriate physical, technical and administrative procedures in place to protect electronic patient health information.