Breaches of patient privacy/security are considered the number one risk for liability in the healthcare industry today. Control over patient information in today’s society is becoming ever increasingly difficult with the expanding use of electronic health records, personal health records and social media, plus the advent of Health Information Exchanges. Outsourcing of healthcare operations provides additional risk, especially the enforceability of patient privacy/security law when patient information is sent outside the US. Unfavorable media, government enforcement, class action litigation and identity theft all pose a constant concern to in-house counsel, and vendors themselves are now at greater risk of liability with penalties now imposed on business associates. This panel will provide an overview of the principal federal laws & regulations concerning privacy/security (HIPAA/HITECH/Red Flags), their interaction with select state laws, international laws (EU Data Protection), and practical ways to minimize risk and keep patient information private and secure.