How do you ensure data security and compliance, such as HIPAA standards, when designing APIs that handle sensitive patient information?