HIPAA Training

Without a doubt, HIPAA presents a major challenge to both your time and your budget. If you are like the majority of healthcare providers, you are operating with a limited staff and with a limited budget. The regulations are complex, confusing and difficult to comply with easily. However, you don’t have a choice. HIPAA must be addressed – and addressed correctly – because failure to comply with these laws has significant impact: fines, lawsuits, and loss of patient confidence. Many covered entities still have yet to adopt the changes effected by the HITECH Act in 2010 and more are unaware of the mandated compliance issues specified in the Omnibus Rule of 2013.

HIPAA Awareness Training

Many healthcare providers are just now realizing what HIPAA is, and the implications involved in regulatory compliance. HIPAA’s Privacy Rule mandates that every covered entity provide training for “all members of its workforce with respect to the policies and procedures” on use and disclosure of protected health information, “as necessary and appropriate for the members of the workforce to carry out their function within the covered entity.”

Every current employee must have received training on or before the Privacy and Security Rules took effect and each new employee must receive training thereafter. HIPAA’s Privacy and Security Rules leave it to each organization to determine the form and content of “appropriate” workforce training.

Our two-hour training session provides a top-level introduction and overview of HIPAA, both the Administrative Simplification Rule and the Security Rule, and its impact on your facility. Our program highlights significance of HIPAA for your healthcare practice, as well as some specifics of the nature of your overall compliance with the covered entity requirements. This session is oriented towards creating a comprehensive staff understanding of the basis, requirements, and impact – both financial and organizational – on your healthcare facility’s business, in clear-cut, easy-to-understand terminology. We will conduct this session at your location for your healthcare delivery team. This is a fee-based service, with a quote provided upon request. Lower professional fees may apply if this session is conducted in concordance with your staff OSHA training.

All employees who have regular access to patient information need to understand the law’s basic requirements. Patient privacy depends critically on appropriate control of information in patient records, by everyone who uses them. Care providers, and others who interact regularly with patients, need an even greater familiarity with the details of HIPAA. As patients become more aware of their rights, they can be counted upon to ask lots of questions, particularly in the early weeks and months after the law takes effect. In the end, the test of an effective education program is not how many details of state or federal law an employee can remember. Behavior is what counts — applying the laws’ and regulations’ requirements to particular situations. To that end, HCR’s education efforts aim for a cognitive level higher than just memorization. Employees need to understand the HIPAA regulations.

Covered entities must document that training has been provided but HIPAA regulations do not provide any guidance to the form or content of the educational efforts. DHHS has been clear in its commentary that such specifics are left to the “reasonable discretion” of the organization. An earlier requirement that workforce members sign a statement certifying training completion and promising compliance with information protection policies was dropped. You are free to use any “appropriate mechanism” to document workers’ compliance with the training requirement. Our staff HIPAA training session lasts less than two hours and covers all of the basics of both the Privacy and Security sections of the regulation. This session is intended as an awareness program and has been carefully designed and developed for ALL staff members. We provide handout materials and training documentation for your records.