According to the Health Insurance Portability and Accountability Act (HIPAA), all individuals who have access to sensitive patient information, including medical records, must receive training on HIPAA policies and procedures. Even employees in non-medical roles, such as human resources employees, lawyers, and even maintenance personnel, may be required to complete HIPAA training.
The goal of this training is to ensure that patients’ rights to privacy and confidentiality are protected at all times. The consequences of not providing training can be steep (i.e., large fines and potentially imprisonment), so organizations cannot afford to ignore the regulations.
HIPPA employee training can take many formats. Here are the main options organizations have for providing HIPAA training for their employees.
In-house instructor-led training
Organizations may choose to develop their own HIPAA training courses based on approved resources. The U.S. Department of Health and Human Services provides training materials, as do several major publishers. These programs should be developed by certified HIPAA professionals who have themselves completed approved training programs. The advantage of this approach is that organizations can tailor the curriculum of their HIPAA compliance training to meet their unique needs. The disadvantage is that the courses can be costly and time consuming to develop and deliver, especially if the training must be repeated often, for example, during the onboarding of new employees.
In-person seminars and boot camps
For organizations that want to provide instructor-led training, but don’t want to develop their own programs, there are a variety of seminars and boot camps available. Depending on the level of training, these may be half-day, full-day, or even multi-day training sessions. The advantage of these courses is that learners benefit from being able to ask questions and work together on real-world case studies and compliance problems. The disadvantage is that they can be cost-prohibitive, especially for smaller organizations, like doctor’s offices. In addition, not all individuals who require HIPAA training need it at this level of detail.
Following an overall trend in corporate training, HIPAA training courses are rapidly moving online. Many companies offer online compliance and security training, for both individuals and organizations. The advantages of online HIPAA training are many: they are inexpensive, they don’t take very long to complete (some courses can be completed in under an hour), and they are available on an on-demand basis. In addition, many of the courses allow learners to access the materials even after the training has been completed, so they can easily go back and review the information as necessary. For many organizations—particularly those for whom basic compliance training is all that is required—online training is the option that makes the most sense.
Following HIPAA training, all employees must sign a form stated that they have completed the training. This form is kept as part of the employees’ personnel records. For third-party courses, such as online training, participants usually must pass a test and then are issued a certificate stating that they have completed the training program.
HIPAA training isn’t something you do just once—refresher courses are required every couple of years. In addition, the laws can change (the most recent revision took place in 2013). Finally, in addition to the basic compliance training, advanced HIPAA training courses are available. The Department of Health and Human Services has six educational programs for physicians and health care professionals. These programs are free and are eligible for continuing education credits.
If your company works with protected health information (PHI), your employees require HIPAA training. Examine your organization’s needs and your available resources to determine the best way to provide HIPAA training for your employees.