Staring down the barrel of multiple regulatory deadlines? This calendar view will help you keep the dates straight.

April 2004

HIPAA Privacy Standards, small health plans (4/14)

Who's affected: Healthcare organizations

Brief: Passed in 1996, HIPAA (the Health Insurance Portability and Accountability Act) increases customer data privacy requirements for healthcare companies, including relevant insurance companies and pharmacies.

Full text: www.hhs.gov/ocr/hipaa

Administered or enforced by: The HHS Office for Civil Rights (OCR) will enforce HIPAA privacy standards. The Centers for Medicare & Medicaid Services (CMS) will be responsible for enforcing the transaction and code set standards that are part of the administrative simplification provisions of HIPAA.

Past due HIPAA deadlines

April 2003: Electronic Health Care Transactions and Code Sets requirements in effect.

Upcoming deadlines

July 2004: Employer Identifier Standard, all covered entities except small health plans
April 2005: Security Standards, all covered entities except small health plans
August 2005: Employer Identifier Standard, small health plans
April 2006: Security Standards, small health plans
May 2007: National Provider Identifier, all covered entities except small health plans
May 2008: National Provider Identifier, small health plans

May 2004

Sarbanes-Oxley

Who's affected: Publicly traded companies

Brief: In response to high-profile financial scandals, this law intends to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long.

Full text: news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf

Administered or enforced by: U.S. Securities and Exchange Commission (www.sec.gov)

Sarbanes-Oxley deadlines

November 2004: Additional disclosures for accelerated filers, generally U.S. companies with equity market capitalization greater than $75 million that file at least one annual report with the SEC.
July 2005: Additional disclosures for non-accelerated filers, beginning with fiscal years ending on or after July 15, 2005.

June 2004

Sarbanes-Oxley, additional disclosures

July 2004

HIPAA, Employer Identifier Standard, all covered entities except small health plans

April 2005

HIPAA, Security Standards, all covered entities except small health plans

August 2005

HIPAA, Employer Identifier Standard, small health plans

Past Due

FISMA (Federal Information Security Act): Requires federal agencies to apply risk management techniques to make their computer information systems more secure. The agency director must report to Congress no later than March 1 of each year on agency compliance.

California Privacy Law SB 1386: This law requires companies with California customers to notify those people of computer security breaches that may result in the theft of personal information about them. If third-party vendors hold customer data, they are also responsible for compliance.