In addition to authorizing a net $19.2 billion in health IT funding, the American Recovery and Reinvestment Act tightens HIPAA privacy and security regulations. The standards will be more stringent for guarding the confidentiality of personally identifiable health information, the "treatment, payment and healthcare operations" exemption will require patient consent and individuals will gain the right to sue for civil damages in cases of unauthorized use or disclosure of protected information.

What does this all mean, and, more importantly, how do healthcare organizations comply? A number of sessions at AHIMA '09 will address this complicated subject.

There are two options during the afternoon concurrent tracks on Monday, Oct. 5. One track, beginning at 1 p.m., concentrates on the release of information. Plus, as part of the Hot Topics session, Mary Thomason of Intermountain Health Care in Salt Lake City will speak at 3:30 p.m. on how ARRA changes business associate relationships.

The Hot Topics on Tuesday, Oct. 6, include a case study at 1 p.m. of how a regional health information organization is addressing consent, while a presentation at 4:05 p.m. focuses on accounting of disclosures under ARRA. Another track, starting at 1 p.m., delves into various data security issues, including a CMS HIPAA security audit. Then, on Wednesday, Oct. 7, a morning track that begins at 8 a.m. is dedicated to combating the growing problem of medical identity theft.