The Health Insurance Portability and Accountability Act of 1996, which set a standard for electronic health care transactions, has since put millions at risk for fraud and identity theft. California health insurer Health Net lost 1.9 million members’ records in 2011. The year before, records for 1.7 million New York City Health and Hospitals Corp. patients were stolen. What was the punishment? No fines, but some did sign “resolution agreements” with the Office for Civil Rights requiring them to fix their systems. Since the passage of HIPAA, the Office for Civil Rights has levied $9.5 million in total related fines, which went into its own coffers. Victims can try to sue, but unless they can show damages, their chances of winning are slim.