Senior Editor

Healthcare software: Regulatory issues abound

Mar 10, 2003 (2 mins)

* A look at the Health Insurance Portability and Accountability Act

This week our Special Focus article takes a look at one of the hot topics of the year: the Health Insurance Portability and Accountability Act.

HIPAA is a set of federal transaction and data protection regulations for healthcare providers, plans and clearinghouses. The HIPAA regulations are designed to standardize electronic data interchange and other transactions among healthcare industry participants and to protect patient health information.

For John Hennessey, sifting and sorting through HIPAA regulations has already been a large ordeal, according to our Special Focus author.

Hennessey is the CIO for Dallas County, which contracts with the University of Texas Medical division to supply healthcare to Texas prison system inmates. Dallas County and other healthcare-related companies face an April 14 deadline to be in compliance with the basic HIPAA requirements, federally mandated privacy regulations to protect patient health information. The U.S. Department of Health and Human Services (HHS) issued those patient-data privacy guidelines, as ordered under the HIPAA passed by Congress in 1996. Subject to interpretation, the HIPAA privacy rules demand that healthcare organizations – and any of their business associates handling protected patient data – apply “administrative, physical and technical safeguards” to ensure confidentiality.

“Every time HHS has had a ‘clarification,’ it impacts another area,” Hennessey says.

Echoing the view of several CIOs questioned about HIPAA, Hennessey worries that the April 14 deadline will begin an era of heightened liability for healthcare providers over patient data that might get into the wrong hands.

“We’re worried about being held liable and the consequent damages,” Hennessey says.

You’ll be hearing lots more about those kinds of concerns in the future. For more on this story see: