They were nearly 10 years in the making. And despite delay upon delay, when sweeping new patient privacy regulations were finally completed, the healthcare industry braced itself for yet another round of change. No longer would it be OK to let physicians share computer passwords or write patients' names on emergency room white boards. All electronic information would have to be exchanged in a certain way. Hospitals would have to monitor their business partners to ensure they properly handle confidential patient information.
On April 14 this year, those requirements-and many others-became the law when President Bush made effective privacy regulations mandated by the Health Insurance Portability and Accountability Act of 1996. Passed by Congress to guarantee that people wouldn't lose insurance coverage when they changed jobs, HIPAA also called for industrywide standardization of data and strict new protections of patient privacy.
Consumer groups lobbied in favor of the regulations, which they viewed as necessary protections in the increasingly perilous electronic age. The hospital industry, meanwhile, worked hard to squelch or limit the requirements, citing concerns about the expense and the difficulty compliance would entail. For good or bad, it's a done deal now. HIPAA is here.