HIPAA included provisions designed to encourage electronic transactions and also required new safeguards to protect the security and confidentiality of health information. The final regulation covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions (e.g., enrollment, billing and eligibility verification) electronically. Most health insurers, pharmacies, doctors and other health care providers were required to comply with these federal standards beginning April 14, 2003. As provided by Congress, certain small health plans have an additional year to comply. HHS has conducted extensive outreach and provided guidance and technical assistant to these providers and businesses to make it as easy as possible for them to implement the new privacy protections. These efforts include answers to hundreds of common questions about the rule, as well as explanations and descriptions about key elements of the rule.

HIPAA simplified

In very basic terms, HIPAA has two primary components to which hospitals, health plans, healthcare "clearinghouses," and healthcare providers must conform:

• Administrative simplification, which calls for use of the same computer language industry-wide;
• Privacy protection, which requires healthcare providers to take reasonable measures to protect patients? written, oral, and electronic information.