The privacy provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") apply to health information created or maintained by healthcare providers, health plans, and healthcare clearing houses ("Covered Entities") who engage in electronic transactions. Covered Entities are required to comply with the HIPAA privacy rule on April 14, 2003. HIPAA creates national standards to protect individual medical records and other personal health information. Covered Entities will be required to implement new policies and procedures to comply with HIPAA. Violations of a patient's privacy rights will be subject to significant civil and criminal penalties.

In general, pursuant to the HIPAA requirements, a healthcare provider will be required to provide information to patients about their privacy rights and how their information can be used, adopt clear privacy procedures, train employees so that they understand the privacy procedures, designate an individual to be responsible for seeing that the privacy procedures are adopted and followed, and secure patient records containing individually identifiable health information so that they are not readily available to those who do not need them.