The U.S. Department of Health and Human Services has released final security standards under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for protecting individually identifiable health information. The standards require health insurers and certain healthcare providers and clearinghouses to establish procedures to protect the confidentiality of electronically maintained or transmitted health information. Most covered entities have until April 21, 2005, to comply; small health plans have an additional year.