¶ … forward, HIPAA should not have much more impact on health care systems in general. HIPAA was passed into law in 1996 nearly three Presidents ago and has been in full implementation since the final modifications to the privacy rule were put into place in 2002, giving health care stakeholders a dozen years to have been working with the regulations (HHS.gov, 2014). This means that everything should have been implemented already with respect to HIPAA -- full compliance was required by 2003 - and there should not be any future changes. There should have been changes over the course of the last 18 years to address the different elements of HIPAA, however, and build the law into the health care systems. The HITECH Act is more recent, having been passed into law in 2011. This law creates incentives to implement electronic health records, and HITECH also made some changes to HIPAA compliance as well (HealthIT.com, 2014). Holloway (2003) notes, however, that in many cases state laws supersede HIPAA, if the state law is deemed to be more protective. As is the case with many federal laws, such as those governing minimum wage, HIPAA presents a legislation floor, a minimum standard for the country. Any state can go beyond this standard should it choose. The problem that this creates for health care providers who transcend states and especially for software vendors is that the nation has a patchwork of laws governing the development of electronic health records (EHRs) and health information...

HITECH also provides grants for training centers for the personnel required to support a health IT infrastructure (Ibid). From an economic perspective, these incentives are intended to bring new customers to the EHR market, which should be good for business for the hardware and software vendors in particular. They needed to be prepared for the passage of this law -- if they are not prepared yet there might not be any point to it because the moment has almost passed. The spike in demand does present challenges for software companies in particular, since they need to understand which states and rules are on HIPAA and which are not -- hopefully they've figured that out by now -- but also there needs to be an understanding of the legislative interpretations of HIPAA. Oates (2007) notes that the courts have made changes to the way that HIPAA is interpreted and enforced, and it can be expected that this will happen at the state level, too. That presents a major challenge for software vendors who are trying to match up their software products and the training on those products with legislative patchwork that also happens to be a moving target.
The implementation of the systems by providers has been incentivized by HITECH,…