OrHIMA ROI Workshop

Monday, November 18, 2019

8:00 AM - 4:30 PM


7:30 AM - 8:15 AM - Registration/Continental Breakfast/Networking


8:00 AM - 8:15 AM - Welcome/Announcements


8:15 AM - 10:15 AM - Release of Information: Basic Rules of Disclosure

Aurae Beidler, MHA, RHIA, CHC, CHPS - Linn County Health Services Compliance & Privacy Officer

Claire Cieri, MS, CHC, CHPS, CHCO, CPMA, CHCA, CPC, CEMC - Certified

Healthcare Compliance and Privacy Officer/Auditor


  • HIPAA Privacy Rule Review
  • TPO and Continuity of Care – what does not require an authorization and what does
  • HIPAA and Oregon Law
  • Other Laws – 42 CFR Part 2, FERPA, Psychotherapy Notes, COPA, Oregon Statute
  • ROI specifics: Timeframes, Charging for Records, Record Retention and ROI


10:15 AM - 10:30 AM - Break


10:30 AM - 12:30 PM - Patient Rights

Aurae Beidler, MHA, RHIA, CHC, CHPS - Linn County Health Services Compliance and Privacy Officer

Claire Cieri, MS, CHC, CHPS, CHCO, CPMA, CHCA, CPC, CEMC - Certified

Healthcare Compliance and Privacy Officer/Auditor


  • Accounting of Disclosure, Access, Amendment, Restriction, etc.
  • Anatomy of an Authorization and Patient Access Form - requirements of a valid form
    • General
    • 42 CFR Part 2
  • Personal Representatives and ROI
  • Legal Documents (Guardianship, POA, Advanced Directives, etc.)
  • Minors, Decedents, Estates
  • Denial of Access (Clinical Judgement, How to deny/ What to send the requestor)


12:30 PM - 1:15 PM - Lunch (provided)


1:15 PM - 2:15 PM - Reporting to Authorities

Anne Greer, JD, Assistant General Counsel and Chief Privacy Officer, Legacy Health System


  • Mandatory Reporting
  • Law Enforcement
  • Public Health
  • HIPAA Permitted Reporting (e.g., military, correctional institutions, whistleblowers, etc.)


2:15 PM - 2:30 PM - Break


2:30 PM - 4:30 PM - Legal Proceedings from Discovery to Trial and Key Legal Documents

Cindy Hahn, JD, Senior Assistant County Attorney and Chief Privacy Officer, Office of the Multnomah County Attorney

Terri Barrett, PhD, CIPM, CIPP/G/US, FIP, IRB Vice Chair OHSU Office of the Chief Privacy Officer


  • Legal Health Record vs Designated Record
  • Set Subpoenas and Court Orders
  • Affidavit, Custodian of Records
  • Risk Management

ROI Workshop Faculty

Terri Barrett, PhD, CIPM, CIPP/G/US, FIP


Terri began her career with Oregon Health & Science University (OHSU) in October 2016 as Institutional Review Board Vice-Chair supporting the Office of the Chief Privacy Officer. In this role she worked with the OHSU research community to facilitate institutional compliance and integrity with the policies, procedures, regulations, and guidelines pertaining to information privacy and security. In December 2018, she moved into the role of Manager, Privacy Advisory and Training Services where she oversees information privacy and security training, privacy policy management, policy exception reviews and privacy compliance projects.


Prior to coming to OHSU, she held the position as Deputy Chief Privacy Officer overseeing the WV Executive Branch privacy program involving the formulation, development, establishment and implementation of the overall privacy program's strategic goals and objectives. She had responsibility for development and issuance of privacy training programs, incident response management which included harm analysis, mitigation of impact, as well as tracking all incidents in the WV Executive Branch.


She holds a Bachelor of Arts degree in Sociology from West Virginia State University and a Master's of Science degree in Health Care Administration from Marshall University Graduate College. In February 2012, she earned her doctorate in Postsecondary and Adult Education from Capella University.


Aurae Beidler, MHA, RHIA, CHC, CHPS


Aurae Beidler is currently the Compliance and Privacy Officer at Linn County Department of Health Services where she oversees the compliance and privacy program. Prior to working at the county, she served as the Oregon Health Authority's Privacy Officer and an assistant professor and program director for the healthcare compliance graduate certificate program at Pacific University. She has ten years' experience in healthcare compliance including auditing and monitoring coordination, investigations, education and HIPAA Privacy Officer duties. She has also published several articles in Compliance Today. She serves on AHIMA's Privacy and Security Practice Council.


Aurae holds a Master's degree in Healthcare Administration from Pacific University, a graduate certificate in biomedical informatics from Oregon Health and Sciences University and a B.A. in Journalism from University of Oregon. Aurae is currently credentialed as a CHC, certified in healthcare compliance, RHIA, registered health information administrator and CHPS, Certified in Healthcare Privacy and Security.




Claire Cieri is a Certified Compliance and Privacy officer, auditor and coder who partners with clinic administrators and providers to keep healthcare clinics profitable while still being compliant with the many privacy, security and compliance laws and regulations. She has been working in the healthcare field for a decade, continually growing her skills. Claire has been an independent consultant for the past 6 years, helping clinic managers with compliance and privacy projects that they know they are required to do, but just do not have the time or the staff. Claire truly enjoys meeting and working with all types of clinic personnel, knowing that the true measure of healthcare is how we take care of patients, including their protected health information. She has taught workshops on implementing compliance plans, risk assessments, HIPAA policies and procedures, plus updating your business associate agreements and notice of privacy practices. Claire provides HIPAA and Cybersecurity training, plus policies and procedures for all types of clinics. She was instrumental in educating clinics on what was required for the Omnibus Bill in 2013. Claire believes that, in terms of security and compliance issues, you are only as strong as your weakest link so she knows that training, and training often, is the best way to ensure that your clinic does not run the risk of losing it all due to a simple human error. Claire worked with Lane Community College Health Clinic on their data breach last year that concerned over 2000 patients. She helped administration inform the OCR, media, and patients plus she rewrote their privacy and security policies, including training. Claire has a Masters of Science in Industrial Relations from the University of Oregon and a Bachelors of Art from Smith College.


Anne T. Greer


Assistant General Counsel and Chief Privacy Officer for Legacy Health. Responsible for advising on a broad range of legal issues affecting health care providers including managing all areas of regulatory compliance, business planning, contract negotiation and preparation, review and development. Provide counsel and legal representation with respect to patient care issues including consent to treatment, HIPAA privacy and security including use, release and disclosure of medical information, EMTALA, behavioral health, and end-of-life decision making. Legal advisor to hospital Ethics Committees, Utilization Management Committees and Research Department. Assistant Secretary to hospital Foundation Boards.


Prior to joining Legacy, practiced in both the private and public sectors in the areas of commercial litigation, bankruptcy, securities, insurance defense and contract litigation, including work as a trial attorney for the Commercial Litigation Branch of the U.S. Department of Justice. Graduated from Stanford University with a bachelor's degree in political science. Received law degree from the University of California, Hastings College of Law.


Past President and member of the Oregon Health Lawyers Association. Member of the American Health Lawyers Association and the Corporate Counsel and Health Law Sections of the Oregon State Bar. Hospital Representative to the Oregon Advisory Committee on Genetic Privacy and Research. Current member and past Chair of the Compliance Advisory Committee of the Oregon Association of Hospitals and Health Systems.




Cindy Hahn is a Senior Assistant County Attorney and the Chief Privacy Officer for Multnomah County, Oregon. Cindy represents the County in matters related to privacy, the protection of personal information and also handles other transactional matters. Prior to her role at the County, she held previous privacy and compliance roles at two large health plans and worked as a software engineer prior to and during law school. She earned a BBA in Management Information Systems from University of Texas at Austin and JD from University of Denver Sturm College of Law.


Online registration has closed. Onsite registration will NOT be available.


Registration is limited to 60.


Registration open through 11:59 PM PT November 15, 2019. Onsite registration will NOT be available. Register early!


When you register online, you will have the option to pay by mail with a check or pay online with a credit card (AMEX, Discover, MasterCard, or Visa). You will receive two emails once you join – 1) a confirmation email and 2) a registration statement email which serves as your receipt (if you paid by credit card) or invoice (if you plan to pay by check).


If you are paying by check, make your check payable to KnowledgeConnex, include your invoice # that is on your registration statement email, and mail your check to KnowledgeConnex. The mailing address will be on the registration statement email.


View Terms and Conditions


Click here if you need to cancel your registration or provide a substitute.

Continuing Education

CEUs: 7.0


During the week following the meeting, all paid attendees will receive an email with a link to the online evaluation and a CE certificate.


Registration includes a workbook including all slides and handouts.


OrHIMA Member: $149


Non Member: $169


Virginia Garcia Memorial Health Center

3305 NW Aloclek Dr
Administrative Building, Training Room 133
Hilsboro, OR 97124

Click here for directions