The Health Insurance Portability and Accountability Act of 1996 (HIPAA) will force healthcare organizations to use a standardized data exchange format and meet new privacy standards for patient information. Most companies are required to comply with the HIPAA privacy rules by April 14, 2003, but small health plans have until April 2004, according to a fact sheet from the U.S. Department of Health & Human Services (HHS).

The original deadline to comply with the related Electronic Health Care Transactions and Code Sets standards was October 16, 2002. However, many organizations are still grappling with the new mandate and have been given a one-year extension.

Both the federal government and independent organizations are providing online guidance and insight for enterprises striving to meet the HIPAA regulations.

Helpful resources on the Web
As this sampling of HIPAA-related Web sites illustrates, much information is available for IT leaders striving to understand policy requirements and tackle implementation issues.

The Centers for Medicare & Medicaid Services maintains a well-organized HIPAA site. You can find critical news about the data exchange standards on the administration simplification page.

HHS also maintains a national healthcare privacy standards site for business issues related to the organization’s policies. The Technical Assistance section explains what the law requires organizations to do, but doesn’t really give much useful information on how to do it.

The HIPAA Designated Standards Maintenance Organizations (DSMO) Web site is a quick source for downloads of the final rule and other HIPAA-related documents. Click the Frequently Asked Questions link on the left to reach the site’s knowledge base. Although the DSMO says the FAQ is still in beta, it contains links to numerous resources. Anyone can search the FAQ, but you must register to post a question.

The Workgroup for Electronic Data Interchange (WEDI) is an advocate for its member organizations and tries to clarify and support implementation of the HIPAA technical standards. For example, WEDI issued a strongly worded letter in March 2002 expressing frustration about the HHS delay in releasing CMS-0005-P (addenda to the transaction standards). Many WEDI resources are available to the public, but paying members can access additional information and participate in WEDI events.

The Strategic National Implementation Process (SNIP) is a WEDI subgroup that focuses more on the concrete details of implementation than on the policy issues. Although we encountered a bit of redirection trouble on a recent visit to the site, the links to sections of the SNIP site worked fine. If you’d like to meet other IT leaders in your area to discuss implementing HIPAA, be sure to click the Regional SNIP Efforts link on the left.

Privacy/Security/HIPAA is an information-rich site sponsored by the Healthcare Information Management & Systems Society (HIMSS) and Zixcorp. You’ll find links to news, compliance information, legal issues, EDI standards, and more. Although HIMSS contains some members-only content, we were able to access HIPAASource without an ID or password.
