5 Benefits of HIPAA Privacy and Security Training

HIPAA law requires that all workforce members with any access to PHI receive training in basic privacy and security practices. “Workforce” includes housekeehipaa-reqping staff, dietary workers, clerical staff, and contract workers in addition to all members of the clinical staff. But “compliance” is not the only reason to ensure that all workforce members understand and follow basic privacy and security protocols – here are 5 more:

      1. Training provides the basis for a “human firewall” against PHI loss.
        Healthcare staff members interact with patients’ protected health information (PHI) dozens of times per shift. Every interaction is an opportunity to either protect or expose patients’ PHI. Ensuring that every member of a healthcare organization understands the practices necessary to protect both the privacy and security of patients’ PHI creates a ‘human firewall’ against a data breach.
      2. Training increases awareness of risks to patients’ well-being.
        A surprising number of well-meaning healthcare staff members are naïve about the risks posed to patients through careless handling of PHI. Training increases their awareness and provides specific instruction about how to keep their patients’ records safe.
      3. HIPAA Training reinforces initiatives to develop a “patient safety” culture.
        If designed and delivered well, a HIPAA Privacy and Security course will teach staff that protecting patients’ PHI is just another aspect of keeping patients safe – as important as infection control, fall-prevention, and medication safety measures. Training fosters a common understanding of “the right way” to handle patient information so that an error or misconduct by one staff member is more likely to be noticed and corrected before any patients’ records are compromised.
      4. Careful handling of PHI improves patient and family satisfaction.
        Security breaches in the headlines have members of the public paying more attention to staff handling of their personal information. In fact, approximately 25-30% of the HIPAA Audits conducted annually by the OCR each year are triggered by a patient or family member complaint. Patients and families are now more likely to notice - and appreciate – careful handling of their PHI.
      5. CYA - HIPAA Training reduces executive and organizational liability.
        In addition to protecting your patients’ PHI, staff training is also essential for protecting yourself and your organization. Staff training is required by law. If a breach occurs and you are the executive responsible for information security, you could be found personally negligent if you have not ensured your staff is properly trained. Alternatively, if your staff has been trained, your personal liability will be minimized, and the penalty levied by the OCR will be less severe.


Protect yourself, your organization, and your patients by making staff training a high priority.

Training - Green Billboard on the Rising Sun Background. Julie Rennecker, PhD, BSN, is the founder of The Management Doc, LLC, and Chair of Third Rock’s Clinical




Contact us at compliance@thirdrock.com to learn more about Third Rock’s Worry-free TrainingTM Solution:

✔   Comprehensive – Covers Privacy, Security, and Breach Notification Rules
✔   Fast and Easy-to-use – Entire course can be completed in about an hour
✔   Self-paced – Participants can log in and out as time permits
✔   Convenient and Flexible – Can be completed from a PC, smartphone, or tablet
✔   Easy to Manage – Issues reminders to staff and automatically tracks course completion
✔   Executive Reporting – Dashboard readily tracks each individual’s training status
✔   Individual Transcripts – Downloadable transcripts document personal training history

Promotional pricing available until February 19, 2016.

Julie Rennecker, PhD, BSN
About the Author

Julie Rennecker, BSN, PhD is an organizational development consultant specializing in the people and process challenges related to healthcare technology change. With 10 years bedside clinical experience (ICU, ER, behavioral health), a PhD in Organizational Behavior from MIT’s Sloan School of Management, five years on the Information Systems faculty at Case Western Reserve University, and more than 15 years’ research and consulting experience, she brings a unique synthesis of clinical, academic, and industry experience to bear on client problems and opportunities. She holds a Certificate in Health IT and Health Information Exchange from the University of Texas and is a credentialed EpicCare Ambulatory trainer.

%d bloggers like this: