Through its audit process, the Office for Civil Rights continues to find deficiencies in the way that medical practices handle HIPAA compliance programs. Theft or loss of unencrypted electronic systems and media containing protected health information is an ongoing problem. Cases continue to occur where patient records are left unprotected and where unauthorized access may be gained. Headlines of large penalties levied against health-care organizations for security breaches continue to populate the media.
The Department of Health and Human Services requires organizations to conduct a risk analysis as the first step toward implementing the safeguards specified in the HIPAA Security Rule and ultimately achieving HIPAA compliance.
At the conclusion of this course, participants should be able to:
John R. Christiansen, Christiansen IT Law
Since the early 1990s, John R. Christiansen has been practicing law related to health-information technology. After practicing in major law and consulting firms, John formed Christiansen IT Law in 2005 to provide services on a more flexible, cost-effective basis.
Christiansen IT Law’s services include privacy and security assessment, compliance and risk management, contracting and licensing of health information technology services, and related issues. Clients include health-care providers, technology and services vendors, government agencies, academic institutions, and professional firms.
John is an active participant in professional associations, including current service as Chair of the Washington State Bar Association Health Law Section, and past Chair of the American Bar Association’s HITECH Megarule Task Force. He frequently speaks and publishes on health information technology and is the author of An Integrated Standard of Care for Healthcare Information Security (AHLA 2005), The HITECH Business Associate Contracts Bible (ABA 2013) and Management of Health Information in Washington State: Federal and State Regulations (WSHIMA 2015), a recently published, comprehensive reconciliation of Washington State and federal health information privacy laws.
Tracey L. G. Hugel, RNC-TNP, CHC, CHPC, CPHIMS – Skagit Regional Medical Center, Mount Vernon, WA
Angie Perez – HIPAA Privacy and Security Compliance Officer, Family Care Network, Bellingham, WA
Cathy Reunanen, ARM, CPHRM – Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle, WA
Cryss. Toycen – CME Specialist, Physicians Insurance, Seattle, WA
Mesina McMurray – Content Development Project Manager, Physicians Insurance, Seattle, WA
Amanda Pugh – Risk Management Education Assistant, Physicians Insurance, Seattle, WA
Original release: March 2016
Last reviewed: March 2017
Expiration: March 2019
This CME activity was planned and produced in accordance with the ACCME Essentials.
Category 1 credit is applicable throughout the United States.
Estimated time to complete this activity: 1 hour
Physicians in Washington will fulfill the risk-management-education requirement mandated by the Washington Health Services Act of 1993.
Physicians Insurance/Experix is accredited by the Washington State Medical Association to provide continuing medical education for physicians.
Physicians Insurance/Experix designates this enduring material for a maximum of 1 AMA PRA Category 1 CreditTM. Physicians should claim only the credit commensurate with the extent of their participation in the activity.
This activity meets the criteria for up to 1 hour of Category I CME to satisfy the relicensure requirements of the Washington State Medical Quality Assurance Commission.
* If you are a member of Physicians Insurance, all CME courses are included with your premium. Click here to access members-only CME.