HIPAA privacy standards raise complex implementation issues.

In November 1999, under the mandate of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, HHS issued proposed standards to protect the privacy of electronically transmitted personal health information. With publication of the final standards due soon, healthcare organizations must prepare to implement new processes and information systems to comply with the HIPAA requirements. The privacy standards are intended to accomplish three broad objectives: define the circumstances in which protected health information may be used and disclosed, establish certain individual rights regarding protected health information, and require that administrative safeguards be adopted to ensure the privacy of protected health information. Among the required administrative safeguards are designation of a privacy officer, implementation of compliance training programs for all applicable staff, establishment of a complaint system, and implementation of appropriate sanctions for violations of privacy requirements.