Skip to main content

A Review of State Entities' Preparedness for Compliance with the Health Insurance Portability and Accountability Act

August 2003

Report Number 03-048

Overall Conclusion

Most state entities we reviewed must intensify their efforts to comply with administrative simplification regulations within the Health Insurance Portability and Accountability Act (HIPAA). The federal government can impose penalties for noncompliance with HIPAA; noncompliance also could lead to litigation that could require entities that are subject to HIPAA to pay substantial damages. The federal government enacted these regulations in 1996 to facilitate the exchange of information through the establishment of standards and requirements for the electronic transmission of certain health information. In addition, these regulations protect the privacy of health information and require that this information be properly secured.

There are three categories of HIPAA administrative simplification regulations, each with a separate compliance deadline. Our review found that:

  • More than half of the entities reviewed reported that they had not fully complied with certain HIPAA privacy regulations by the April 14, 2003, deadline. These entities will need to accelerate their efforts in this area.

  • Nearly one-third of entities reviewed reported that they did not anticipate achieving full compliance with HIPAA regulations for transactions and code sets by the October 16, 2003, deadline. These entities may need to make a more concerted effort to comply.

  • The deadline for complying with HIPAA security regulations is April 21, 2005, yet many entities reported that they have not started addressing major components of security regulations. It is important to note that the consolidation of Texas health and human services agencies (and the associated transition of information technology functions) will overlap with the time period during which entities will be working to comply with security regulations. This could increase the risk of not achieving compliance with security regulations.

Contact the SAO about this report.

Download the PDF version of this report. (.pdf) (HTML)*

Download the Acrobat version of this report summary. (.pdf)

*HTML equivalents for PDF documents are generated utilizing Adobe's PDF Conversion by Simple Form.

Internal Links

Related Sites

Contact Us

1501 North Congress Ave.
Austin, TX 78701
Phone: (512) 936-9500
Fax: (512) 936-9400
Email: auditor@sao.texas.gov
Public Information Requests