As security challenges become more complex, so too, the understanding and applications of the landmark Health Insurance Portability and Accountability Act (HIPPA) continue to evolve. That’s according to an extensive overview of the law’s history that appears in Becker’s Health IT & CIO Review.

While originally intended to ensure health insurance coverage for Americans who lost or changed jobs when it was signed into law in 1996, HIPAA has become best known for the Privacy Rule amendment that passed in 2001, which stipulated protections for individuals concerning their private health information. In 2013, the final omnibus rule increased non-compliance fines to their current tiered system of penalties, which can institute penalties of up to $50,000 per offense.

In that environment, perhaps it’s unsurprising that hospitals have become defensive, citing HIPAA regulations as protection even in cases where the law isn’t applicable. The article cites two cases: one in which a mother was threatened with jail time for taking a photo of her son in the hospital, and another in which a rehabilitation center refused to turn over information related to the alleged sexual abuse of a residence, citing privacy concerns. In reality, the law’s architecture includes provisions that protect both police officers and whistleblowers who access information.

With patients increasingly attuned to the vulnerability of their own information, some providers are now using HIPAA to gain leverage over their competitors. Organizations touting their HIPAA compliance are speaking out of turn, according to Jeff Tangney, cofounder and CEO of the physician social networking site Doximity, who is quoted in the article. While products or services can be HIPAA-secure, meaning that they include necessary encryption and authentication levels, compliance is largely a function of the actions taken by users of a given service—and therefore ultimately out of any organization’s control.

For more background on HIPAA and its ongoing evolution, check out the full article.