Sunday, October 13

Session Leaders:
Cornelia Dorfschmid, Senior VP & CIO, Strategic Management Systems, Inc.
Gail Hinte, IT Director, PricewaterhouseCoopers
Ed Meyer, JD, Partner, McDonald & Meyer, PLLC

While it is a complex undertaking, overcoming the hurdles of moving from the traditional hard copy document process to electronic digital storage provides institutions with immediate benefits as well as long-term savings. This session will hold an open discussion on the issues involved in moving to a paperless and filmless environment, the technical and procedural issues which must be addressed and some ideas for implementation.   

Among the key areas: deciding who can access Protected Health Information (PHI); what PHI elements can be accessed; where electronic PHI and the hardware reside; and how to recover from a disaster. These challenges must be addressed by developing policies and procedures, using the HIPAA Regulations as a guideline.

Session Leaders:
Diana Turner, RN, Clinical Information Systems Administrator, Duke University Hospital
David Wellons, Director, Healthcare Marketing, BellSouth

Session Leaders:
Troy Burns, Senior VP & CIO, Payerpath, Inc.
Stan Haavik, HIPAA Practice Director, Internet Commerce Corporation
Jim Riley, VP of Sales, Payerpath, Inc.

Learn more about:
1) The experiences and lessons learned by the U.S. military through use of the risk assessment tool 
2) How the DHIAP is training and supporting military medical treatment facilities worldwide in a systematic approach to risk assessment and management

Archie Andrews, Director, Information Protection Solutions Group, Advanced Technology Institute

Human factors and usability are emerging as important considerations in the design of medical information systems. Issues of connectivity and privacy are critical to success, but accessibility, understandability and usability are critical to acceptance and need more attention as information technologies are introduced.

You will learn:
1) The fundamental concepts of usability, human factors and user-centered design (UCD)
2) Programmatic approaches to implementing UCD for medical information systems
3) Additional resources to support UCD efforts
4) The steps required to launch a UCD program in your organization

Barry Beith, President, HumanCentric Technologies, Inc.

You will learn:
1) The pros and cons of the safe harbor, statistical and hybrid methods
2) Details on actual implementation of these various de-identification methodologies.

Judith Beach, Esq., Associate General Counsel, Regulatory Affairs, Quintiles Transnational Corp.
Michael Hubbard, Partner, Smith, Anderson, Blount, Dorsett, Mitchell & Jernigan, LLP

Most small healthcare providers face substantial challenges to get ready for the April 14, 2003 compliance deadline for the HIPAA Privacy Rule. This presentation outlines a six-month “crash course” plan of action. Written materials will include a detailed time and task chart for six month implementation and a detailed outline of necessary policies and procedures. The audience will be expected to have already attended HIPAA awareness training sessions since the focus of the session is on how to meet the requirements on a fast track, not what the requirements are. The presentation will be based on the approach taken in the American Medical Association’s Field Guide to HIPAA Implementation, which the speaker co-authored.

You will learn:
1) How to reach HIPAA privacy compliance in six months
2) The policies and procedures necessary for HIPAA privacy compliance.

Michael Hubbard, Partner, Smith, Anderson, Blount, Dorsett, Mitchell & Jernigan, LLP

You will learn about:
1) A case study on POE implementation within a large university-based hospital
2) The successes and lessons learned in POE implementation from one case study
3) The factors critical to a successful POE implementation

James Greenlee, RPh, Pharmacy Operations Specialist, UNC Hospitals
Lauren Kearns, RN, Clinical Systems Analyst, UNC Hospitals
Sandra Laws, RN, Clinical Systems Analyst, UNC Health Care

Raytheon has a diagnostic tool for performing gap analyses and risk assessments for the healthcare industry called Risk Doctor(tm). The tool was recently used by UNC Health Care to identify compliance issues with the HIPAA security rule.

You will learn about:
1) The use of Risk Doctor(tm) at UNC Health Care
2) The issues encountered by covered entities when beginning to explore HIPAA security compliance
3) The advantages and disadvantages of performing HIPAA risk assessments when outsourcing or using in-house personnel

Harold Frohman, Risk Doctor Program Manager, Raytheon

Learn about the role and duties of a Privacy Officer (PO) under HIPAA, including: 
1) Drafting a job description
2) The function of the PO within the larger organization
3) The duties of the PO under HIPAA and corporate requirements regarding reporting and chain of command structures
4) A comparison of the functions of a PO with those of a security or compliance officer within an organization
5) The appropriate manner for appointing a PO
6) The relationship between the PO and the HIPAA compliance committee
7) The personality traits of a successful PO 

The discussion will include case studies that illustrate mistakes made, potential pitfalls, and the successful creation and integration of the role of PO.

Roy Wyman, Jr., Attorney, Maupin Taylor & Ellis P.A.

There are many compelling business reasons for implementing an electronic medical record that contains a strong workflow application and strict security features. The electronic record with strict security features will be instrumental in preparation for HIPAA compliance.

Topics include:
1) The benefits of an electronic medical record
2) Business reasons for deploying workflow technology
3) What workflow can do for your organization
4) Real life examples of successful workflow deployment
5) Using electronic medical records to comply with HIPAA regulations, taking advantage of both security features and audit trail capabilities

Lynne Henderson, Corporate Director, Health Informatics, Spartanburg Regional Healthcare System

Training is a critical success factor for HIPAA implementation and ongoing compliance. How does a large organization face that challenge and maintain the effort it takes to reach every organizational corner? How does it take into account issues like geographic diversity, variations in learning styles and the advantageous use of technology?   

You will learn:
1) How Duke University Health System is employing a blended training approach that encompasses reference materials and manuals, posters and Web-based training 
2) How Duke provides HIPAA training through a Web-based system that can be accessed by every staff member 

Terry Seelinger, e-Learning Manager, Duke University Health System

Monday, October 14

Mike Walker, University Compliance Officer, Wake Forest University

Doing HIPAA: An Update on the Healthcare Industry's Implementation of HIPAA's Privacy, Security and Standard Transaction Rules

This session will provide an update on how the implementation of HIPAA’s Privacy, Security, and Standard Transaction rules are proceeding in the healthcare industry, with poignant examples drawn from some specific institutions. Scenarios for the future will be presented with an opportunity for audience participation in assessing the viability of the scenarios. 
 
You will learn:
1) The status of the healthcare industry in meeting HIPAA compliance
2) Which healthcare entities are expected to be in timely compliance
3) The various likely scenarios for HIPAA compliance in the healthcare industry

Dave Kirby, Information Security Officer, Duke University Health System

Good communication to referring physicians is absolutely essential for large hospitals and academic medical centers. This communication is usually done by manual letters. Wake Forest University Baptist Medical Center (WFUBMC) automated the capture and sending of this information almost six years ago through outsourcing, and has since developed its own in-house system. The new system, called MedPort, saves many thousands of dollars annually yet provides superior functionality and flexibility to the outsourced system. 

You will learn:
1) The critical factors of success in developing an in-house system
2) WFUBMC's positive and negative experiences in switching from an outsourced to an in-house system

Paul LoRusso, VP & CIO, Wake Forest University Baptist Medical Center

The clock is ticking rapidly toward the April 14, 2003 compliance deadline for the HIPAA Privacy Rule. Complicating the compliance efforts of all covered entities is the inter-connectedness of the privacy regulations with the security and transactions & code set regulations. 

You will learn:
1) The latest legal developments pertaining to the HIPAA privacy, security and transaction & code set regulations
2) Practical suggestions for building a compliance program that integrates all three sets of HIPAA regulations
3) New state and federal privacy legislative initiatives and their potential impact on the HIPAA privacy regulations

Robert Lower, JD, Partner, Alston & Bird LLP

The key to our country's preparedness for biological attack is rapid detection, determination of the source, and response through a national early warning surveillance system. To track disease trends and treatment patterns across hundreds of conditions and over 8,000 prescription drugs, Quintiles has in place an enormous, near real-time database built on de-identified health information from hospital, medical and pharmacy claims data. Its reach is both broad and specific in that it can survey the whole country, any Metropolitan Statistical Area (MSA), or any zip code. 

You will learn:
1) About disease trends and treatment patterns and the predictability of the neural net 
2) How this disease surveillance system could serve as a national early warning system for bioterrorism

John Russell, Executive VP & General Counsel, Quintiles Transnational Corp.

Under HIPAA, security is the framework within which the privacy and transaction rules are implemented. Although the final security rules are not published, the HIPAA statute contains specific security requirements that apply now. 

This session will:
1) Explain the statutory requirements for HIPAA security and how they relate to the proposed security rules
2) Explore security topics including HIPAA security certification, encryption and sanctions for security violations
3) Examine other applicable laws affecting HIPAA security and privacy (and vice versa), including state tort, contract and consumer protection law; the business judgment rule (protecting officers and directors from personal liability); and the federal criminal sentencing guidelines for organizations
4) Focus on the development of "an effective program to prevent and detect violations of law" as a key to HIPAA planning, compliance and litigation risk management

Richard Marks, Partner, Davis Wright Tremaine LLP

The North Carolina Emergency Department Database (NCEDD) Project takes data from two North Carolina emergency departments and translates it into the CDC's Data Elements for Emergency Department Systems (DEEDS) format. This data is regularly and securely transmitted to the North Carolina State Center for Health Statistics.

In this session you will learn about:
1) The technical architecture and implementation of NCEDD
2) Security issues and how they have been addressed 
3) The utility of standardized emergency department data for public health surveillance purposes, including Web-based reporting
4) Practical guidance for addressing data standards and quality issues for health-related databases
5) The potential scalability of NCEDD to near-real-time collection of clinically relevant emergency department data

Hal Bredbenner, Senior Business Analyst, OnSphere Corporation
John McLamb, Director of Informatics, UNC-Chapel Hill Department of Emergency Medicine
Anna Waller, Research Assistant Professor, UNC-Chapel Hill Department of Emergency Medicine

America is not the same country it was before September 11. The events of September 11, subsequent anthrax attacks and threat of future chemical or biological terrorism have fundamentally altered the way healthcare providers view “disasters.” The tug-of-war between privacy, on the one hand, and responding to real and perceived terrorist threats, on the other, will require foresight and careful planning. Can the efforts of health care providers to identify and respond to terrorist attacks coexist with their obligation to keep certain information private and confidential? 

You will learn:
1) How HIPAA's privacy regulations address terrorism and mass casualties
2) The interplay between the Model State Emergency Health Powers Act and North Carolina's emergency health powers laws
3) The JCAHO standards and AHA guidelines regarding emergency management plans
4) About quarantine powers, mandatory vaccinations and reporting obligations for communicable diseases
5) The lessons learned from prior terrorist incidents

Angie Burnette, Associate, Alston & Bird LLP
Andy Lemons, Associate, Alston & Bird LLP

Much of the talk about HIPAA regulations has centered around their implementation in terms of documents and transactions. Nursing and the work of nurses is intimately involved in the processes the regulations address, yet many nurses do not know anything about HIPAA.

You will learn:
1) How HIPAA regulations interface with nursing practice
2) The benefits and barriers of the HIPAA regulations on nursing practice
3) How nurses can influence HIPAA compliance in their organizations in proactive ways
4) How nurses can get involved at the local, state and national levels to make their voices heard on how they practice in relation to the regulations

Donna Bailey, Adjunct Assistant Professor, School of Nursing, UNC

An interactive seminar about fact-based disaster prevention and avoidance. Topics covered include commonly overlooked disasters, how to put accurate risk ratios to disaster events and financial justifications of disaster avoidance projects. 

You will learn:
1) Common and unforeseen catastrophic risks faced by healthcare IT organizations 
2) The top causes of data loss
3) Lessons learned from two disasters in which well-crafted disaster plans failed
4) A method of putting quantifiable risk ratios to potential disastrous events, and how to use these ratios in planning   
5) How risk ratios are used to calculate the costs of prevention, the financial models involved, and how these calculations can be used to justify the costs of disaster avoidance

Sean D'Arcy, Consultant, Healthlink

In this session you will learn:
1) What is meant by an e-business strategy
2) Why a healthcare provider should be interested in such a strategy
3) How healthcare providers can develop an e-business/e-health strategy
4) What some of these strategies should be

Kent Curran, Professor, Department of Management, Belk College of Business Administration, UNC-Charlotte
Mary Curran, RN, Associate Professor, College of Nursing and Health Professions, UNC-Charlotte

Tuesday, October 15

Testing the HIPAA X12 transactions is several orders of magnitude more complex than testing the old style of EDI “flat files." This presentation discusses the use of testing tools and the transaction certification process to minimize the time and expense involved in bringing the HIPAA transactions into production. 

You will learn:
1) The types of testing to be used for X12 HIPAA transactions
2) The many different types of HIPAA claims 
3) What it means to be “certified” for the HIPAA transactions, and who needs to be certified

Kepa Zubeldia, MD, President & CEO, Claredi

Cape Fear Valley Health System went through a complete re-engineering in its business office in 1996 when it installed Siemens Imaging, HDX Eligibility and HDX Remittances. Cape Fear has expanded the use of HDX to its hospital-owned clinics, EMS, home health, utilization management, social services and case management. Cape Fear currently transmits over 22,000 eligibility inquiries per month, with most responses being returned in 2-3 seconds.

You will learn:
1) How e-Health can be successfully implemented by building on existing IT investments
2) What technologies are available today in the world of e-Health
3) How to connect and integrate payers, office staff, physicians and other clinicians in order to make business flow
4) How e-Health can help you move toward HIPAA compliance
5) How e-Health improves revenue management
6) How secure access to necessary data anytime and anywhere can improve workflow and provide solid ROI

Brian Gill, Regional Manager, HDX
Keith Hullender, Director, Systems Support & Development, Cape Fear Valley Health System

A growing body of evidence provided by EDI experts demonstrates that savings can be realized from timely and effective implementation of transaction automation. In the HIPAA regulation, HHS estimated each venue’s implementation cost and the level of current automation associated with various transactions. Even if HHS significantly underestimated actual costs by a factor of ten times actual experience, investment potential for HIPAA transaction automation is still excellent. The expected Internal Rate of Return is almost 100%, even if the actual cost experienced is three times higher than HHS estimated.

You will learn:
1) The amount of savings from transactions automation for each claim requiring eligibility verification
2) Your organization's expected return on HIPAA transaction investments

Ivan Barrick, Director, Healthcare Operations Improvement Practice, Parente Randolph

Use of the Internet by both healthcare providers and consumers is rising dramatically. A California Health Care Foundation study in 2001 estimated that 100 million adults get healthcare information from the Internet and that for 70% of them, the information they received influenced a healthcare decision. It is increasingly crucial that healthcare providers be attuned to how a Web site can be established and operated as well as the accompanying risks, responsibilities and liabilities. 

You will learn:
1) How to establish a Web site, including obtaining the domain name, contracting for Web site development services and attending to intellectual property issues
2) Ways to use the Web site and Internet for administrative tasks, staff training and informing consumers
3) How to use the Internet to provide healthcare services
4) Web site use criteria issued by professional healthcare organizations
5) The Web site accreditation program pioneered by URAC 
6) The potential availability of Web site insurance

Garry Carneal, President & CEO, URAC
Bill Shenton, Partner, Poyner & Spruill LLP