While HIPAA provides an excellent set of standards for compliance within an organization, seasoned healthcare professionals know it’s not just about the standards, rather it’s how they are applied and audited.  Quality Assurance processes provide a healthcare organization an opportunity to create a set of standards and follow them to ensure compliance with HIPAA.

What is Quality Assurance?

Quite simply, quality assurance is the process of establishing policies and procedures for the benefit of the patient, and then ensuring those processes are followed.  Quality assurance is not limited to only HIPAA, rather it includes ensuring compliance with policy, regulation, and law at various government levels, along with developing internal strategies to support quality healthcare. By implementing a strong quality assurance process, healthcare organizations will be able to enhance their effectiveness in promoting and sustaining quality care.  It’s critical healthcare organizations be able to illustrate their ongoing compliance with HIPAA and other regulations, and documented quality assurance protocols provide that opportunity.  While each organization may have different quality assurance protocols to implement and follow, there are some routine processes that should be executed. These include:

  • HIPAA Policies and Procedures in accordance with the Privacy Rule
    • Multiple resource, routine audit of Release of Information requests prior to release
    • Right to Access expedited turnaround time
    • Personal Representative signature verification
    • Workers Compensation exception to the Privacy Rule
    • Affidavit fulfillment procedure with additional audit and sign-off
    • Subpoena fulfillment procedure by state with additional audit and sign-off
    • Deceased patient records fulfillment process
    • Restricted or limited request fulfillment and sign-off
    • Designated Record Set definition for the organization
    • Psychotherapy note definition for the organization (if applicable)
  • HIPAA Policies and Procedures in accordance with the Security Rule
    • Security Risk Analysis review
    • Work Plan review and update
    • Audit schedule and execution
  • HIPAA Policies and Procedures in accordance with the Breach Notification Rule
    • Risk Assessment process
    • Breach reporting process
  • Regular meetings, updates, training, and sign off on Compliance topics

How often should quality assurance protocols be reviewed or updated?

A variety of regulations and compliance needs means researching, refining, adjusting and amending processes on a routine basis to ensure the highest quality of work and best patient care.  At a minimum, all policies, procedures, and protocols should be reviewed on an annual basis for updates.  However, the breadth of compliance requires a keen awareness of what is going on in the industry.  Often when new legislation is passed at the federal or state level, there are compliance windows of less than a year.  This means that organization must continuously monitor the state and national environments for updates and changes to remain in compliance.  Furthermore, if the organization discovers non-compliance with a protocol, it’s in the organization’s best interest to review and possibly update the protocol in conjunction with staff training.  Maintaining excellent quality assurance requires constantly monitoring not only the regulatory environment, but also internal compliance.

Ensure Quality Assurance WIth a Partner

Maintaining high quality standards while remaining compliant with HIPAA and other regulations can require efforts that may take away from what matters most, patient care.  At ScanSTAT, we understand quality is an important factor in the healthcare information management industry and we take great pride in taking on quality assurance processes for Covered Entities. With a staff of healthcare data experts with an outstanding accuracy rate of 99.97%, release the time and burden of instituting quality assurance processes to ScanSTAT as your partner – we’ll take care of it for you! Interested in learning how we can help so you can get back to patient care? Request a demo today to see how we can add value and help your organization with excellent quality assurance.


This FAQ is for informational purposes only and does not constitute legal advice. Seek your own legal counsel to ensure compliance with federal and state law.