CRIS Certification – Why it’s Critical for Record Management


It’s no surprise that Protected Health Information (PHI) must be kept secure while at rest and throughout the PHI transfer process. This requires an in-depth knowledge of a patchwork of rules and regulations that must be learned, studied, and applied rigorously. 

CRIS – or Certified Release of Information Specialist – is a designation that represents professionalism and understanding in managing and releasing PHIBy ensuring a thorough knowledge of circumstances that affect how PHI is transferred, trained specialists can remain effective and compliant in the handling medical records.


A certificate is awarded to individuals who pass the examination with a grade of 80% or higher. This provides validation of professional competence in the release of information space. The test is divided into relevant subject groups like medical records, release of information theory, privacy provisions and terms, HIPAA standards, benefits, and practical application.

The certificate measures:

  • General medical records knowledge
  • Aptitude regarding situations that involve patient privacy
  • Understanding of all aspects of release of medical information
  • Understanding of terms related to HIPAA eligibility

Candidates must have fulfilled one of the following AND must be employed by a member or client of the Association of Health Information Outsourcing Services (AHIOS):

  • Healthcare information credentialed (RHIT, RHIA or CCS)
  • Worked previously in release of information (ROI) for at least 6 months
  • Attended post-secondary education in HIM but is not certified as an RHIT


Remaining compliant is crucial in healthcare. When a PHI breach occurs, it compromises very personal data of affected individuals that could involve a leak in everything from medical information to Social Security numbers. Typically, negligent unauthorized access, use, or disclosure of individually identifiable health information is the cause for such violations. Even more stressful, breaches affecting 500 or more people get posted on the notorious Office for Civil Rights (OCR) “Wall of Shame”.

And if that didn’t convince you, here are a few more statistics on PHI to consider:

  • Healthcare is one of the most highly targeted industries for cyberattacks, with hospitals representing the victims of 30% of large data breaches.
  • Nearly 50 million Americans had their PHI breached in 2021, a threefold increase in three years.
  • In 2021, the share of residents whose protected health information was exposed in a data breach was 10% or higher in 22 states.
  • The number of reported healthcare breaches in 2021 increased by 19%. There were 905 reported in 2021 compared to 758 in 2020.
  • Unauthorized access/disclosure accounts for 34% of violations every year, up 162% over the past three years.


Clinical practices are faced with a wide variety of challenges every day – managing patient visits, staff training, resource management and various administrative tasks to name a few. Ensuring that team members are fully educated and prepared to handle PHI with 100% compliance is a daunting task, but it’s critical to ensuring that PHI is handled with the utmost care and respect.

Where do you want to start?

Tell us a little bit about yourself, and we’ll match you with the right expert to help you optimize your patient information.