Q: Regarding patient portals, to what degree is it the individual's responsibility to keep his or her health information private? Would the healthcare organization be liable if someone else obtained the individual's login credentials—perhaps if the individual is known to use the same password for many applications—and accessed the records?.