Road to HIPAA Compliance: Training the Workforce

by KirkpatrickPrice / August 23rd, 2016

4 Key Elements of HIPAA Compliance Training

This webinar discusses training your workforce for HIPAA compliance. You may feel some push-back or a lack of enthusiasm from your workforce about HIPAA training, but it may be helpful to remind them that training is not only required, but it’s the key to HIPAA compliance. An effective workforce training program makes an effective HIPAA compliance program. Although it’s a challenge, it is one of the best ways to ensure enterprise-wide HIPAA compliance.

HIPAA training allows some flexibility because entities vary so much in type, size, and level of maturity. The goal of HIPAA training is to protect the privacy and security of information. HIPAA training is not just to advise employees about different laws; they need to know what their company’s specific rules are with respect to PHI. There are four required elements of workforce training:

  1. Universal Application – Everyone is subject to HIPAA training requirements and everyone is a part of maintaining the confidentiality of PHI. HIPAA training is not only for staff who interact with patients. It’s for everyone, even someone who rarely has access to PHI. Universal application is also required by the Privacy Rule and the Security Rule.
  2. Define PHI – Every entity needs to identify the elements of PHI so that everyone is aware of risks and responsibilities. Ask your organization the question, what does PHI mean to you?
  3. Minimum Necessary – Convey to business associates that just because there is authorized access to PHI doesn’t mean that all PHI should be shared with all people. What PHI do we normally disclose for this task? What do we do about exceptions? For example: what PHI is appropriate to leave on a voicemail?
  4. Authorized Personnel Only – Employee access to PHI must be authorized, and employees should only access PHI when it’s necessary to fulfill job duties. This goes hand-in-hand with the minimum necessary element. If accessing PHI is not a part of an employee’s job duties, then that access is a violation of HIPAA.
  5. Security Awareness – Create a security awareness program that includes security reminders, protection from malicious software, training on log-in monitoring, and password management.

Although it may be a challenge to get your workforce excited about HIPAA compliance training, remind them and yourself that good training is the key to protecting PHI. Listen to the full webinar for more details about the frequency of training, documenting training, and an insightful Q&A. To learn more about training your workforce, contact us today.