"HIPAA" stands for the Health Insurance Portability and Accountability Act of 1996. It started as a way to ensure that workers who switched jobs could take their health insurance with them (hence the “portability” in the name). HIPAA gradually morphed into its present form and now has many different aims, including fighting fraud and waste, promoting medical savings accounts, improving access to long-term care, and simplifying the administration of health insurance.

In the part of HIPAA called “Administrative Simplification,” Congress sought to make the health care system more efficient. It eventually directed the Department of Health & Human Services to create regulations to achieve that end. In nine separate but interlocking sections, the Department enacted regulations aimed at encouraging the nationwide electronic exchange of health information. Two sections -- Transactions & Code Sets and Privacy -- have been finalized. The remaining sections are either in proposed form or have yet to be published.

Healthcare organizations must be in compliance by April 14, 2003 with the HIPAA privacy regulations. Penalties range up to and include $250,000 or 10 years in prison. In addition, plaintiff’s attorneys will undoubtedly try to sue health care organizations that fail to meet their compliance obligations.

The Department of Health & Human Services projects savings to the health care industry of at least $1.5 billion over the first five years of implementation and $30 billion over the first ten years. It estimates the cost of compliance at about $17 billion over the first ten years.

Click the links below to see more detailed charts on Administrative Simplification and a timeline of relevant events: