As we noted previously, there are numerous requirements for HIPAA compliance. The next step we would suggest is HIPAA training. Educating your staff on what HIPAA is and what it requires is a top priority, and workforce training is a regulatory requirement under both the Privacy Rule and the Security Rule. This education can take the form of training classes as well as working knowledge of your organization's policies and procedures.

  • Staff Training: HIPAA Privacy and Security training is required for all employees, within a reasonable period after they join the workforce and periodically thereafter.
  • Officer Training: Your organization's designated HIPAA Privacy and Security Officers need in-depth HIPAA training beyond what the general workforce receives.
  • P&P Based: HIPAA training must complement your organization's own HIPAA policies and procedures, not just restate the regulation.
  • Current: HIPAA refresher classes should be held as needed to keep staff informed about material changes in HIPAA policies and procedures.
  • Documented: You must document each individual employee's HIPAA training, including what was covered and when.

A current set of HIPAA Policies and Procedures is itself a source of education: it gives staff concrete guidance on what they can and cannot do when handling protected health information. These policies and procedures should address all aspects of an organization's healthcare activities, including:

  • What you can say about a patient
  • Whom you can say it to
  • Who may access healthcare data
  • With whom you can share that data
  • What needs to be encrypted
  • What happens if there is a breach
  • What happens if electrical power is lost or there is a natural disaster
  • And a myriad of other healthcare activities that involve protecting healthcare information

If you are interested in knowing where to start, try Third Rock's HIPAA Quick-Check (http://cyberquickcheck.com/), a mini risk assessment that quickly gauges your level of HIPAA compliance across the major areas of the regulation.

Articles in the series:

  1. How to get Started: Risk Assessment
  2. Breach Detection
  3. Education