HIPAA Maintenance: Document Control and Quality Improvement

Credits: 1

Course Description

Medical records are the legal record of care. Billing and accounting records are the heart of the clinic’s finances. HIPAA’s documentation requirements similarly address the privacy and information-security aspect of the practice. As the first step toward implementing safeguards specified in HIPAA’s Security Rule, the Department of Health and Human Services requires organizations to conduct a risk analysis. But what does a risk analysis entail, and what do you absolutely have to include in your report?

This 1-hour, on-line self-study course will discuss:

  • the role of written information-security policies and procedures
  • how keeping your documentation under control helps you ensure the protection of Protected Health Information (PHI)
  • prepares you for audits and investigations
  • how quality improvement methods can help you with HIPAA compliance

Learning Objectives

At the conclusion of this course, participants should be able to:

  • List the four standards and implementation specifications within HIPAA that spell out a covered entity's duty to monitor its compliance with the privacy and security rules. 
  • Cite one operational change affecting the security of electronic PHI that you will make.

    Faculty Information 

    Robert Y. Oikawa
    , MD, MPH, CISSP, CPPS, CPHQ, has focused on the information security and safety of health care information technology, especially regarding HIPAA security and privacy. He has been involved with health care, security, safety, and quality improvement throughout his career. He received his MD degree from the Johns Hopkins University School of Medicine in 1979, completing his medical residency and fellowships in biomedical engineering, cardiology, and interventional cardiology at the Johns Hopkins Medical Institutions. After a stint in private practice of interventional cardiology, he returned to software engineering and served as principal consultant, senior program manager, and senior architect during a decade with the Microsoft Corporation and MSNBC, focusing on software and system architecture, information security, learning solution development, software engineering best practices, risk management, innovation, and intellectual property. 

    Planning Group 

    Tracey L. G. Hugel, RNC-TNP, CHC, CHPC, CPHIMS – Skagit Regional Medical Center, Mount Vernon, WA
    David McGrath, CPHRM – Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle, WA
    Cathy Reunanen, ARM, CPHRM Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle, WA
    Cryss. Toycen – CME Specialist, Physicians Insurance, Seattle, WA
    Mesina McMurray – CME Coordinator, Physicians Insurance, Seattle, WA

    Original release: February 2015

    Last Review Date: February 2017

    Expiration: February 2019

    CME Information
    This CME activity was planned and produced in accordance with the ACCME Essentials. 

    Category 1 credit is applicable throughout the United States.

    Estimated time to complete this activity: 1 hour

    Physicians in Washington who complete this course will fulfill the risk management education requirement mandated by the Washington Health Services Act of 1993.

    Physicians Insurance/Experix is accredited by the Washington State Medical Association CME Accreditation Committee to provide continuing medical education for physicians.

    Physicians Insurance/Experix designates this enduring material for a maximum of 1 AMA PRA Category 1 CreditTM. Physicians should claim only the credit commensurate with the extent of their participation in the activity.

    This activity meets the criteria for up to 1 hour of Category I CME to satisfy the relicensure requirements of the Washington State Medical Quality Assurance Commission.

    The content of this activity does not relate to any product of a commercial interest as defined by the ACCME; therefore, neither the planners nor the faculty have relevant financial relationships to disclose. Physicians Insurance/Experix CME maintains full control of the content of every course we provide. It is our policy to identify and resolve all speaker and planner conflicts of interest. Each speaker is required to give a balanced, evidence-based presentation that is free of commercial bias.

    Resolution of Conflicts of Interest
    Physicians Insurance/Experix has implemented a process to resolve conflicts of interest for each continuing medical education activity, to help ensure content objectivity, independence, fair balance, and content that is aligned with the interest of the public. Conflicts, if any, are resolved through a peer-review process.

    * If you are a member of Physicians Insurance, all CME courses are included with your premium. Click here to access members-only CME.