HIPAA's effect on web site privacy policies

A study was conducted to examine the effects of the 1996 Health Information and Portability Accountability Act's (HIPAA) enactment on a collection of privacy policy documents for a nine organizations over four-year period. Online documents of nine healthcare institutions such as GlaxoSmithKline and HealthCentral were analyzed using goal-driven requirements engineering and text readability metrics. The privacy statements of each healthcare institutions were analyzed prior to HIPAA's enactment. Various goals of the PGMT goal repository such as G867, G642, G1166, and G1167 were identified and classified as privacy protection or vulnerabilities goals. Flesch Reading Ease Score (FRES) and Flesch Kincaid Grade Level (FGL)score methods were used to quantify readability of documents. It was observed that pre-HIPAA study took 183 person hours to extract goals from 23 privacy documents in comparison of 34 person hours for 24 post-HIPAA documents.