HIPAA (the Health Insurance Portability and Accountability Act) was established to set national standards to protect individuals' medical records and other Protected Health Information (PHI).
The HIPAA Privacy Rule (45 CFR 164.530(b)(1)) states:
“A covered entity must train all members of its workforce on the policies and procedures with respect to PHI…as necessary and appropriate for the members of the workforce to carry out their functions within the Covered Entity.”
In the last five years, individual practices have been fined up to $2.3 million under HIPAA for Careless Handling of PHI, Unauthorized Disclosure of PHI, and Impermissible Disclosure of ePHI. In many, if not all, of these cases, improper training of employees added to the catastrophic nature of these violations. If your employee understands HIPAA law, they will not make careless, costly, and illegal errors.
This act requires that your practice conduct training for all employees to ensure policies are being followed to the HIPAA standards. For many dental offices, this can be overwhelming. Often the doctor and office managers are not fluent in the HIPAA laws, and training is put off indefinitely. This is a danger on many fronts: your patients' PHI is not secure and your practice is vulnerable to considerable fines under HIPAA.
“How does employee training protect me?”
Training ensures that your staff will not unintentionally disclose patient information and provides best-use policies. Social media is everywhere and your staff is on at least one platform. Make sure your staff understands the financial and reputational risks before they create a post. Besides reputational risk, best-use policies mitigate data breaches. Many ransomware attacks begin by targeting uninformed users. A well-trained staff is the best protection against data breaches and HIPAA violations.
Bottom line: Having a set of policies and procedures for employees reduces risk and strengthens trust between your staff and patients.
“Does HIPAA Mandate Staff Training Annually?”
No. But PCIHIPAA suggests holding annual staff training to ensure that your staff is current on HIPAA laws, policies, and procedures.
Bottom line: Knowing that all employees understand and comply with HIPAA law makes your practice safer for you and your patients.
“How long must the training be?”
HIPAA does not mandate actual instruction time. PCIHIPAA encourages practices to focus on the material, rather than the time. Understanding HIPAA Policies, Systems, Business Associate Agreements, and other safeguards will keep fines and violations away from your practice.
Bottom line: PCIHIPAA’s OfficeSafe™ platform provides a comprehensive solution to training your employees. Documents, videos, quizzes, and certificates will help your staff grasp HIPAA law in a fun, low-stress way. Many of PCIHIPAA's clients choose to do a “Lunch and Learn” and train as a group, while other practices prefer training to be completed individually. You can customize the training to meet your practice's needs while easily managing and tracking their status within OfficeSafe™!
PCIHIPAA created OfficeSafe™ to help clients take the guesswork out of HIPAA and protect them from HIPAA non-compliance risks and patient data breaches. In addition, OfficeSafe’s Business Associate Agreement tool helps practices to quickly create, send, execute, and store all of their Business Associate Agreements. OfficeSafe™ includes tools for the implementation of multiple HIPAA safeguards and requirements. PCIHIPAA wants you to have the peace of mind that your practice will remain both fine-free and compliant.