HIPAA Training – Who Needs It?
You do! You need HIPAA training if your job brings any of your employees even very occasionally within reaching distance of somebody else’s health information. Since 2004, every employer has been under an obligation to train staff that is able to access the health information of others, including other employees that are members of a company health plan, or patients and their families if their business offers any form of health service or advice.
HIPAA not only protects the health information of patients attending health clinics, dentists and hospitals, but also of those who have provided information about their health to health insurance companies or even to their employers. Any business with employees or even business associates that can access these protected health records must undergo HIPAA training, as must any technicians or associates that can transfer such information between departments or health establishments either physically or electronically.
HIPAA Training is Mandatory
In fact, HIPAA training is mandatory, and little wonder: under the HITECH regulations, effective from February 17th, 2010, breaches will cost your business from a minimum of $25,000 for violations of which you are unaware to $1.5 million for willful neglect of health records. HITECH was partially intended to extend the power of HIPAA to cover business associates of health services such as insurance companies, software providers, maintenance companies and other contractors.
If you are an employee of a company that in any way serves a hospital, medical or dental surgery or any other form of health service, then you should receive HIPAA training so that you are fully conversant with your obligations, and understand how to play your part in maintaining the integrity and privacy of the personal health information of any person, whether a patient or another employee of your own company or a company or health service to which you are providing services.
Since HITECH was implemented, all businesses that have potential access to such medical or personal health information are now subject to the terms of HIPAA and must become involved in HIPAA training. Every individual, from the board of directors or managing body down, must undergo the training necessary to render them conversant with the terms of HIPAA and what is needed to comply.
Further training should then be provided to individual managers and employees with specific responsibilities, even with regard to the locks on doors leading to rooms and filing cabinets in which personal health records are stored. These must be secure, and the distribution of keys carefully recorded and managed. That’s the detail needed for your business to properly comply with HIPAA and avoid any breaches in the security of personal health information.
Breaches Must be Reported
Under HITECH, individuals and corporate bodies have a legal obligation to report any breaches, which then become subject to financial penalties such as those outlined above. The importance of HIPAA training is therefore paramount in ensuring that every employee of a hospital, surgery, health care facility, dispensary or any other establishment with access to an individual’s personal and private health information is aware of their obligations.
The same considerations apply to health insurance employees, technicians involved in storing and transferring electronic health records between offices and storage media and anybody else that could conceivably catch sight of such records. HIPAA training will make such people aware of how the Act affects them, and the importance both of maintaining security of health information and of reporting any breaches. You decide who this covers – and if you are in error, you are also responsible.
HIPAA training is available either remotely, by attending training seminars and courses, or online, where progress is established through online quizzes or questionnaires. HIPAA training should also be part of a business’s HITECH or HIPAA auditing procedures, and progress should be maintained in an individual’s personnel records. Failure to do this could result in heavy financial penalties as a breach of HIPAA regulations.
Business Associates Are Included
Most training will be required on behalf of those organizations that have multiple locations and an HR employee at each location who is responsible for implementing HIPAA. Such personnel will generally be responsible for ensuring that employees in each location are familiar with the company’s policy and how it is implemented. They may also be responsible for integrating HIPAA into the policy of business associates who may process the health information of other employees and possibly even that of patients.
The company has a legal obligation to properly train such employees or HR managers that may have access to protected health information in the requirements of HIPAA, and retraining every three years is also recommended. Because training costs can be high, many employers have either neglected or postponed such training, but if that is you then you may now be facing heavy penalties if an employee complains – as is their legal right under HITECH.
It is generally wise for any organization with even the slightest and most remote access to protected health records to provide mandatory HIPAA training to all staff. HIPAA Awareness training courses are available online, and their cost is significantly less than the penalties for failing to train your staff.