The Health Insurance Portability and Accountability Act of 1996 (HIPAA) promises to streamline the conduct of electronic healthcare transactions by imposing standards, and at the same time to ensure the integrity, confidentiality and availability of the individually identifiable health information involved. Also known as the "Kennedy-Kassebaum Act," the original legislation instructed Congress to draft regulations (as part of the Clinton administration's Administrative Simplification efforts). As a result of Congressional inaction, the task fell to the Department of Health and Human Services (HHS), which as described below has substantially completed the various components of the rules. HIPAA will impose significant new compliance obligations, enforced by criminal penalties as well as civil liability, on virtually all participants in the U.S. healthcare system. Organizations directly impacted by the rules are known under HIPAA as "Covered Entities" (CEs) and the information they must safeguard is referred to as "Protected Health Information" (PHI).

CEs include healthcare organizations that engage in electronic transactions of PHI, including hospitals, physician offices, ambulatory care centers, health plans, pharmacies, public health authorities and clearinghouses. CEs are required to contract with their vendors and with other partner organizations to which they may extend access to PHI (called "Business Associates") to ensure that they too safeguard the information. Typical Business Associates include software companies, transcription services, billing services, attorneys, etc. HIPAA is currently composed of the following sets of regulations, known as Standards:

Electronic Transactions & Code Sets Standards: uniform coding

standards for claims and other healthcare data transmitted between

providers and payers. The compliance deadline for HIPAA Transaction Standards was October 16, 2002 although CEs were able to apply for an automatic extension of the deadline until October 16, 2003.

Privacy Standards: control the use of identifiable patient data within healthcare organizations and its disclosure to others.