How Should Employees Be Trained & in What Manner in HIPAA?
HIPAA, the Health Insurance Portability and Accountability Act of 1996, protects the privacy of individuals' protected health information (PHI). It was created by the U.S. Department of Health and Human Services' Office for Civil Rights (OCR), and the OCR enforces the Act and imposes penalties upon violation. Training employees who work directly with patients and their PHI must be a requirement of any health care organization and provider. Training delivery of HIPAA topics is most effective in a combination of classroom settings, online modules, and self-study on the employee's own time.
Instructions
1. Conduct classroom-style training, during orientation, with all new hires who handle protected health information. Create PowerPoint slide presentations for onscreen projection for staff to follow on HIPAA topics. The first lesson would be HIPAA 101, an overview of the rules and how they apply to your company. The OCR website contains sample training materials that may be used as-is or customized for your training.
2. Conduct advanced classroom trainings on: obtaining authorization to discuss protected health information (PHI), how to guard PHI in the workplace, and what to do in the event of a HIPAA rule violation. Present real-life scenarios and case studies and quiz employees on how they would handle different situations.
3. Write a series of privacy policies and procedures based on HIPAA, confidentiality and privacy for employee self-study. Use lay terms in the policies so they are easy to understand and clearly demonstrate your company's workflows for protecting PHI. Post these policies on your company's intranet, email them to all employees and print hard copies for posting in common workplace areas for easy access.
4. Deliver systems training in a classroom setting with computers set up so employees can use them during training. Teach employees the importance of logging in, logging off, password protection and screensavers for staff utilizing PHI electronically. Train staff to access only the PHI they need and restrict access as necessary. Use "dummy" or de-identified PHI for the training sessions.
5. Send out email reminders requiring employees to complete annual online training refreshers about HIPAA. Several training companies offer web-based training modules consisting of an online video about privacy followed by a multiple-choice questionnaire. The employee must log in to the module so the employer can track who has completed the training.
References
- U.S. Department of Health and Human Services: Health Information Privacy: Training Materials
- U.S. Department of Health and Human Services: Health Information Privacy For Covered Entities
- University of California San Francisco: Privacy and Confidentiality Frequently Asked Training and Education Questions