A Review of State Entities' Preparedness for Compliance with the Health Insurance Portability and Accountability Act
August 2003
Report Number 03-048
Overall Conclusion
Most state entities we reviewed must intensify their efforts to comply with administrative simplification regulations within the Health Insurance Portability and Accountability Act (HIPAA). The federal government can impose penalties for noncompliance with HIPAA; noncompliance also could lead to litigation that could require entities that are subject to HIPAA to pay substantial damages. The federal government enacted these regulations in 1996 to facilitate the exchange of information through the establishment of standards and requirements for the electronic transmission of certain health information. In addition, these regulations protect the privacy of health information and require that this information be properly secured.
There are three categories of HIPAA administrative simplification regulations, each with a separate compliance deadline. Our review found that:
- More than half of the entities reviewed reported that they had not fully
complied with certain HIPAA privacy regulations by the April 14, 2003, deadline.
These entities will need to accelerate their efforts in this area.
- Nearly one-third of entities reviewed reported that they did not anticipate
achieving full compliance with HIPAA regulations for transactions and code
sets by the October 16, 2003, deadline. These entities may need to make a
more concerted effort to comply.
- The deadline for complying with HIPAA security regulations is April 21,
2005, yet many entities reported that they have not started addressing major
components of security regulations. It is important to note that the consolidation
of Texas health and human services agencies (and the associated transition
of information technology functions) will overlap with the time period during
which entities will be working to comply with security regulations. This could
increase the risk of not achieving compliance with security regulations.
Contact the SAO about this report.
Download the PDF version of this report. (.pdf) (HTML)*
Download the Acrobat version of this report summary. (.pdf)
*HTML equivalents for PDF documents are generated utilizing Adobe's PDF Conversion by Simple Form.