Enterprise Resource Planning Systems And HIPPA Compliance

Document Type


Publication Date



Enterprise Resource Planning (ERP) systems allow a healthcare organization to integrate a variety of functions, including medical records keeping and corporate governance tasks (such as financial data reporting). HIPAA includes requirements for maintaining privacy and security of patient medical records. Developers of software for use in healthcare environments must deal with the ever changing regulatory environment of the healthcare industry. The authors develop an argument that within the context of an ERP system, the implementation of certain required reporting and regulatory safeguards, such as prescribed by HIPAA, are best addressed by the third party ERP software developers, rather than by the healthcare organization's financial managers. This paper presents an overview of the important HIPAA financial management requirements that are best addressed by the software vendors. It also provides guidance for improving financial management by utilizing the efficiencies and reliability provided by an effective ERP system, through information assurance security services.