HIPAA Maintenance: Daily Habits for the Health Care Team

Credits: 1

Course Description

The Health Insurance Portability and Accountability Act (HIPAA) became law in 1996. Nearly two decades later, the HIPAA Privacy and Security Rules remain challenging for many practices. In 2012 the Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS) completed an audit of 61 hospitals and clinics and found that 98% had at least one security finding or observation, that 80% did not have a complete and accurate risk assessment, and that in general, smaller clinics (10-50 providers) had a more difficult time addressing the requirements than did larger entities. Why do practices still struggle? 
The cost and effort in complying with the HIPAA regulations surpasses any immediate visible and tangible result. Unfortunately, we tend to put off prevention in favor of production, where working harder and faster seems to produce “more” visible results. This self-study course will help you understand some of the legal and technology terms, and help guide you through the broad and complicated rules to developing a day-to-day privacy and security compliance program.


Learning Objectives

 At the conclusion of this course, participants should be able to:

  • Describe the process for conducting an "objective" risk assessment.
  • Cite one privacy and security practice as required by the HIPAA Final Rule that you will implement.

Faculty Information 

Robert Y. Oikawa, MD, MPH, CISSP, CPPS, CPHQ, has focused on the information security and safety of health care information technology, especially regarding HIPAA security and privacy. He has been involved with health care, security, safety, and quality improvement throughout his career. He received his MD degree from the Johns Hopkins University School of Medicine in 1979, completing his medical residency and fellowships in biomedical engineering, cardiology, and interventional cardiology at the Johns Hopkins Medical Institutions. After a stint in private practice of interventional cardiology, he returned to software engineering and served as principal consultant, senior program manager, and senior architect during a decade with the Microsoft Corporation and MSNBC, focusing on software and system architecture, information security, learning solution development, software engineering best practices, risk management, innovation, and intellectual property.




Planning Group 

Tracey L. G. Hugel, RNC-TNP, CHC, CHPC, CPHIMS – Skagit Regional Medical Center, Mount Vernon, WA
David McGrath, CPHRM – Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle, WA
Cathy Reunanen, ARM, CPHRM Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle, WA
Cryss. Toycen – CME Specialist, Physicians Insurance, Seattle, WA
Mesina McMurray – CME Coordinator, Physicians Insurance, Seattle, WA

Original release: August 2014
Last reviewed: August 2017
Expiration: August 2018

CME Information
Category 1 credit is applicable throughout the United States.

Physicians in Washington who complete this course will fulfill the risk management education requirement mandated by the Washington Health Services Act of 1993.

Participants will need to complete and pass a short quiz in order to claim CME credit. The minimum score to receive course credit is 70%.

Estimated time to complete this activity: 1 hour

Physicians Insurance/Experix is accredited by the Washington State Medical Association CME Accreditation Committee to provide continuing medical education for physicians.

Physicians Insurance/Experix designates this enduring material for a maximum of 1 AMA PRA Category 1 CreditTM. Physicians should claim only the credit commensurate with the extent of their participation in the activity.

This activity meets the criteria for up to 1 hour of Category I CME to satisfy the relicensure requirements of the Washington State Medical Quality Assurance Commission.

At the time this course was developed and presented, all faculty, planning and peer-review group members and their spouses/partners certified that they do not have, nor have had within the past year, any financial arrangements or affiliation with any commercial organization involved in health care goods or services consumed by or used on patients, with the exemption of non-profit or government organizations and non-health related companies.

The content will not include mention of unapproved or investigational uses of products or devices.

Resolution of Conflicts of Interest
Physicians Insurance/Experix has implemented a process to resolve conflicts of interest for each continuing medical education activity, to help ensure content objectivity, independence, fair balance, and content that is aligned with the interest of the public. Conflicts, if any, are resolved through a peer-review process.

* If you are a member of Physicians Insurance, all CME courses are included with your premium. Click here to access members-only CME.