Many of the companies in New Orleans that night had toyed with developing their own software for complying with HIPAA. Others were hoping software vendors would come up with a solution in time. But for all, the HIPAA deadline was a sword hanging over their heads. And the penalties for failing to comply ranged from hefty monetary fines to jail time.

This group of pragmatic technology executives, which came to call itself the Bourbon Street Coalition, wasn't about to wait for years to go by before finding a way to comply. It was ready to find a solution, immediately.

Even as health care payment organizations such as Blue Cross and Blue Shield would seek to push the need for compliance beyond 2002, Halamka, Glaser and cohorts would find a way to be up and running by the end of 1998—almost four years ahead of time. This is the story of the secure patient information network sketched out on a napkin at Mardi Gras 1998—and why this group of health care executives could find a system that worked without major pain or investment, while other institutions pleaded for more time.

John Halamka and John Glaser stood overlooking New Orleans' legendary Bourbon Street from the balcony of the Royal Sonesta Hotel. Below, knots of revelers were getting an early start on Mardi Gras, set to begin the next morning. It was a strange venue for the group assembled on the balcony that night. These chief information officers from major Massachusetts health care companies had gathered in New Orleans for a symposium on the security of electronic patient records and medical information systems.

INTERACTIVE TOOL
	Cost out a data exchange network (Excel) A time line for implementation (Microsoft Project 98 file). PDF download of both

Although security was the official topic, an ominous cloud hung over their heads. Two years earlier, President Bill Clinton had signed into law the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Part of that law established the requirement that health care enterprises that did any business with federal health care agencies, such as Medicare, had to adopt and implement by fall 2002 a common format for electronic transactions. Congress had selected the American National Standards Institute's x.12 standard (ANSI x.12) as the appropriate format for managing electronic records. The law also mandated that these networks—since they would carry sensitive data about patients, their sicknesses and their treatments—be secure.

It was against this backdrop that health care CIOs and CTOs from across New England sipped their drinks and chatted over the Mardi Gras noise above Bourbon Street that night in 1998.

Suddenly, for the first time, the health care industry faced a drop-dead deadline to solve two challenges that had bedeviled it for the past decade:

Many of the companies in New Orleans that night had toyed with developing their own software for complying with HIPAA. Others were hoping software vendors would come up with a solution in time. But for all, the HIPAA deadline was a sword hanging over their heads. And the penalties for failing to comply ranged from hefty monetary fines to jail time.

This group of pragmatic technology executives, which came to call itself the Bourbon Street Coalition, wasn't about to wait for years to go by before finding a way to comply. It was ready to find a solution, immediately.

Even as health care payment organizations such as Blue Cross and Blue Shield would seek to push the need for compliance beyond 2002, Halamka, Glaser and cohorts would find a way to be up and running by the end of 1998—almost four years ahead of time. This is the story of the secure patient information network sketched out on a napkin at Mardi Gras 1998—and why this group of health care executives could find a system that worked without major pain or investment, while other institutions pleaded for more time.