Our health information is something we'd usually prefer to keep between us and our doctors. But, according to a new investigation by ProPublica, hundreds of health providers are exposing that information with only mild consequences. According to the investigation, hundreds of violations from major health providers were reported to the U.S. Department of Health and Human Services Office for Civil Rights between 2011 and 2014. The top offender was the U.S. Department of Veterans Affairs, with 220 violations that resulted in the creation of a corrective action plan. Second place went to CVS, with 204 violations, followed by Kaiser Permanente (183), and Walmart (146). However, perhaps the worst part of this news is that the companies, even repeat offenders, rarely see severe punishments. "Although the Office for Civil Rights receives thousands of complaints a year," writes ProPublica, "it issues only a handful of financial penalties." Still, the companies told ProPublica that they take patient privacy seriously, and that they're continuously working to improve. Part of the Health Insurance Portability and Accountability Act (HIPAA) is meant to ensure that our health information — including things like your STD status or if you've had any surgeries — stays private. Violating the policy may include accidentally giving a patient someone else's test results, hospital staff taking pictures of patients and posting them on social media, or pharmacy staff yelling about a customer's birth control prescriptions. Alongside the review, the team also released HIPAA Helper. This tool allows you to search for reports of HIPAA privacy violations related to specific hospitals, insurers, or procedures. Our favorite so far? Someone got the wrong placenta. You can read the full investigation here.