All health care entities that process health-related data are required to comply with the U.S. Department of Health and Human Services' (HHS) Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA has led to sweeping changes to health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003.

HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic).

HIPAA is a federal law that has been amended to the Internal Revenue Code of 1986 which intends to:

• Improve portability and continuity of health insurance Combat waste, fraud and abuse in health insurance and health care delivery.
• Promote the use of medical savings accounts. Improve access to long-term health care services and coverage.
• Simplify the administration of health insurance.

The ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information.

These objectives help promote the modernization of health information systems. Industry analysts estimate the process of updating health information systems to be about three to four times more difficult than Y2K. Becoming HIPAA-compliant is more challenging because of extensive cross-departmental compliance and training requirements. Where Y2K centered on IT procedures and systems, HIPAA affects the entire organization. With Y2K, there was a stop date when IT professionals and organizations could determine if their compliance efforts were successful. HIPAA is an ongoing administration, privacy and security challenge that must be constantly addressed.