Communications of the IIMA


The purpose of the study was to identify the policies and procedures required in U.S. hospitals to meet the requirements of the Health Information Portability and Accountability Act (HIPAA). A major aspect of the study focused on the degree of change required to meet the security standards and on the types of security devices used by the hospitals. Findings from a survey of 286 U.S. hospitals found the greatest amount of change needed to meet HIPAA security compliance were changes resulting in increased Information Systems (IS) budget requirements, changes to network monitoring, and additional hiring in the IS department.