The acronym HIPAA stands for the Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amends the Internal Revenue Service Code of 1986. It is also known as the Kennedy-Kassebaum Act.

The HIPAA legislation includes a section, Administrative Simplification, requiring standardized electronic data interchange and protection of the confidentiality and security of health data through setting and enforcing standards.

Specifically, HIPAA calls for:

1. Standardization of electronic patient health, administrative and financial data
2. Unique health identifiers for individuals, employers, health plans and health care providers
3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

The bottom line: sweeping changes in most healthcare transaction and administrative information systems.

WHO IS AFFECTED?

All healthcare organizations. This includes all health care providers, even 1-physician offices, health plans, employers, public health authorities, life insurers, clearinghouses, billing agencies, information systems vendors, service organizations, and universities.

ARE THERE PENALTIES?

HIPAA calls for severe civil and criminal penalties for noncompliance, including:

-- fines up to $25K for multiple violations of the same standard in a calendar year
-- fines up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information.