Quality Assurance & Compliance

The Office of Quality Assurance and Compliance is responsible for creating and managing a quality assurance program that covers all clinical departments to promote ongoing service and improvement. It monitors quality indicators and action plans at all University clinics and related programs, coordinates, reviews, and updates performance improvement plans, and gathers, presents, and makes recommendations on aggregate data and statistical reports. Additionally, the Office of Quality Assurance and Compliance is responsible for standardizing policies and protocols throughout the University’s health care facilities, including the development and implementation of compliance programs to ensure the University operates in accordance with state and federal laws. The Office of Quality Assurance and Compliance oversees and performs compliance audits and develops and facilitates compliance trainings and resources and collaborates closely with program and clinic-specific compliance departments.

 

HIPAA

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It's a federal law that establishes standards for the privacy and security of personal health information (PHI). This includes information like:

  • Identifiers: Name, address, birthdate, Social Security number
  • Medical history: Diagnosis, symptoms, treatment
  • Insurance information: Plan details, coverage
  • Genetic information

UIW often handles PHI in these areas:

  • Health centers
  • Medical school
  • Research programs
  • Student health insurance

HIPAA compliance ensures that this sensitive information is protected from unauthorized access, use, or disclosure.

Key Provisions of HIPAA

  1. Privacy Rule: This rule outlines how PHI can be used and disclosed. It includes requirements for obtaining patient consent, providing access to records, and implementing safeguards to protect information.
  2. Security Rule: This rule establishes standards for the security of electronic PHI. It covers topics like access controls, encryption, and incident response plans.
  3. Breach Notification Rule: This rule requires covered entities to notify individuals and the Department of Health and Human Services (HHS) in the event of a data breach.  

UIW is committed to protecting and safeguarding the confidential and sensitive information entrusted to us through various means. The UIW Compliance Office ensures that UIW complies with the privacy laws, rules, and policies. We strive to create a culture of privacy awareness and for the highest level of commitment to protecting personally identifiable information.

The Compliance Office handles issues related to privacy practices, policies, concerns, and complaints. We also act as a resource for patients, staff, and students. The privacy laws provide for certain privacy rights.

These rights include:

  • The right to receive a Notice of Privacy Practices (NPP).
  • The right to confidential communication (to use a certain phone number or specific mailing address when communicating about your care).
  • The right to request restrictions (access to your protected health information).
  • The right to amend your medical records (to correct erroneous information).
  • The right to an accounting of disclosures (to whom UT Health San Antonio provides information about you).

Any questions or concerns related to privacy matters should be directed to the Compliance Office at at (210) 802-3244 or emailing complianceoffice@uiwtx.edu


Reporting an Incident 

If you have any concerns related to the privacy of your protected health information, please call the Compliance Office at (210) 802-3244. You may also report by emailing complianceoffice@uiwtx.edu

Training

HIPAA training is conducted annually and is provided through Compliancy Group. Contact the Compliance Office to set up access the training by calling (210) 802-3244 or emailing complianceoffice@uiwtx.edu