Our healthcare system is in critical condition; its costs are out of control, and it's failing to keep us healthy. Medical bills are the leading cause of bankruptcy. We spend twice as much per person to pay for a healthcare system whose results rank last of all industrialized nations. Recent health reform legislation seeks to change all of this. A key component of health reform is a push towards ubiquitous electronic health records (EHRs) supported by nationwide health information exchange. Paper systems can never solve these problems! This move toward a highly digitized healthcare environment also carries with it new risks to the confidentiality, integrity, and availability of patient data. Higher quality, lower cost healthcare can evolve only if we incorporate interoperable health information exchange and standardized, secure electronic communication of administrative and clinical transactions.

The Administrative Simplification Subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) began the rebuilding process by requiring the adoption of government standards for administrative transactions, code sets, identifiers, security, and privacy. The Health Information Technology for Economic and Clinical Health (HITECH) Act, (part of the American Recovery and Reinvestment Act of 2009) made the Office of the National Coordinator for Health Information Technology a part of statutory law and provided financial incentives and support for a roll out of EHR systems and use of electronic clinical information exchanges. In addition, HIPAA requirements for privacy and security were enhanced, and the Secretary of the Department of Health and Human Services (HHS) was directed to undertake "the development of a nationwide health information technology infrastructure that allows for the electronic use and exchange of information and that ensures that each patient's health information is secure and protected." HHS also promulgated regulations requiring the adoption of updated versions of the transaction standards and the use of ICD-10 coding.

Then Congress enacted healthcare reform legislation in the form of the Patient Protection and Affordable Care Act and the Health Care and Education Reconciliation Act of 2010 (combined, now referred to as PPACA or ACA), which pushes the healthcare industry even further in the direction of expanded use of health information technology. HHS is producing many more regulations regarding privacy, security, electronic health records, and operating rules to add value to the administrative transaction and code set standards. Just when we thought that the HIPAA changes had settled in, HIPAA changes are off and running again! These developments will affect most aspects of healthcare and everyone connected professionally with healthcare must understand these changes and what will be required in order both to benefit from and to comply with these new legal requirements.

All of these developments create substantial compliance challenges for HIPAA covered entities and their business associates and subcontractors. Hospitals, clinical organizations, health plans including health insurance companies, physicians, and all other covered entities must implement, update and train their workforces regarding HIPAA and HITECH generally, as well as institution-specific policies and procedures including corporate compliance programs. Complex requirements regarding data breaches now must be included in the policies and procedures, and in training programs. New challenges relating to accounting for disclosures and anticipated privacy and security audits must be dealt with, even before final regulations provide guidance. Health plans will be at risk for new and significant financial penalties under ACA certification requirements.

The HIPAA Summit will provide the most up-to-date information on the new laws and regulations. Comprehensive presentations by leading regulators from the Centers for Medicare & Medicaid Services, the Office for Civil Rights, and the Office of the National Coordinator for Health Information Technology will provide unique insights. Private sector leaders will add practical advice from their many experiences in implementation. This HIPAA Summit will address privacy and security and data breach changes and challenges and the legal and policy issues implicated, as well as electronic health record adoption issues. It will also cover developments and requirements for transactions, code sets, and operating rules and how they are being implemented. Training sessions for HIPAA privacy and security professionals who intend to apply for certification are also available.