For most large businesses, the upcoming enrollment period for Obamacare is no small matter. The legislation, officially known as the Patient Protection and Affordable Care Act, has been on executives' radar for years, and its merits and drawbacks have been debated almost ad nauseum in the press, in Congress and even the United States Supreme Court.Experts, though, say the enrollment period, which starts on Oct. 1 and runs through next spring, still presents employers with a few technical challenges. To that end, CIO.com talked to insurance experts, IT gurus and attorneys to find the best ways to prepare for this sea change in healthcare. Here are five things business should be doing to prepare for healthcare reform.1. Create an Internal Health Insurance Enrollment PortalAmericans without health insurance are encouraged to use health insurance exchanges to "shop" for plans that offer the coverage that best fits their needs. Subsidies are available for those who qualify. Those who remain uninsured at the end of 2014 face financial penalties.Some companies, in an effort to reduce healthcare costs, are dropping employer-based plans and sending employees to the insurance exchanges instead. Even large companies that plan to continue offering employer-based health plans will likely need to create their own open enrollment sites, though.Jeffrey Ungvary, president of Strategic Wellness & Insurance Management Services, says the exchanges for each state, such as MNsure in Minnesota, will pave the way. Employees will become accustomed to browsing through list of insurance providers and seeing pricing plans. Large companies should be prepared to offer similar, internals portal for choosing among health plans.2. Revisit HIPAA Security Compliance IssuesEvery IT executive in the healthcare field already knows about the Health Insurance Portability and Accountability Act (HIPAA). When enrollment starts, new opportunities for data breaches that violate HIPAA will emerge as well. What's more, the law, first enacted in 1996, has been updated for the digital information age to increase the financial penalties for an entity that suffers a data breach.Les Levinson, the chair of the healthcare practice at the New York law firm Edwards Wildman Palmer, points to one specific provision regarding employee wellness programs. IT may be called on to manage the security between employer-sponsored health insurance and third-party wellness program providers. If that third party creates, receives, stores, transmits or otherwise possesses personal health information, then it's liable under HIPAA \u2014 so make sure it's ready, willing and able to take HIPAA seriously.3. Improve Payroll Systems to Track Actual Hours WorkedBy 2015, Obamacare legislation will require that an employer "prove" whether someone is full-time \u2014 that is, works 30 hours or more per week. Diane Lukin, an attorney at Arnall Golden Gregory in Atlanta, says any company with more than 50 employees will need a way to track hours.Related: Why SaaS HR Software Is Ready to Take OffPayroll systems should be calibrated so that local field managers and human resources personnel can generate a report that shows actual hours worked, Lukin says. State exchanges will start requiring these reports in spring of 2016 to be both accurate and easily accessible.4. Manage the Overall Technology ChangeThere's a temptation, even in a large company, to "bench" the CIO when it comes to complex legal and healthcare legislation. Often, new health legislation is left for the human resources department to control. But the Affordable Care Act, and its emphasis on the increased use of technology, makes this situation different.Oliver McGee, a Howard University professor who served on the Clinton administration as the U.S. Deputy Assistant Secretary of Transportation, says the CIO has to lead the charge in how a company connects to the state exchanges, in any technology spending related to healthcare and in how the healthcare policies are implemented in IT.5. Investigate Your Level of Healthcare ReportingLarge companies will need to take another look at their level of healthcare reporting, including which data fields are captured and stored. New requirements force employers to make Social Security number and wages of employees easy to access yet secure, says Joanne Hanson Pearson, an attorney at Pierce Atwood in Maine. (This data is used in part to help determine if an individual, couple or family meets the criteria for subsidized insurance under Obamacare.)Related: Healthcare Industry Sees Big Data As More Than a BandagePart of the complexity, she says, is that the level of reporting changes from one company to the next based on its size and market. It also changes based on the state exchanges and existing healthcare offerings available to residents.John Brandon is a former IT manager at a Fortune 100 company who now writes about technology. He has written more than 2,500 articles in the past 10 years. You can follow him on Twitter @jmbrandonbb. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.