2021 HIPAA privacy training

4.6 out of 5
5 reviews

This course covers the concepts and knowledge allied health workers need to correctly handle patients’ protected health information (PHI) and to comply with all HIPAA regulations, including Administrative Simplification, the Privacy Rule, the Security Rule, transactions and enforcement.

HIPAA stands for the Health Insurance Portability and Accountability Act and is a U.S. federal law enacted in 1996 as an attempt at incremental healthcare reform. It was subsequently revised in 2009 with the ARRA/HITECH Act and again in 2013 with the Omnibus Rule.

HIPAA’s intent was to reform the healthcare industry by reducing costs, simplifying administrative processes and burdens, and improving the privacy and security of patients’ health information. Today HIPAA compliance mainly revolves around the last item: protecting the privacy and security of patients’ health information.

Introduction

1. Summary of HIPAA (30 minutes)

HIPAA overview

1. What is HIPAA? (10 minutes)
2. What are covered entities? (10 minutes)
3. HIPAA overview quiz (5 questions)

Your personal rights under HIPAA

1. What are your rights under HIPAA? (15 minutes)
2. Your New Rights under HIPAA (3 minutes)
3. Your personal rights under HIPAA quiz (5 questions)

Healthcare provider responsibilities

1. HIPAA for healthcare providers (15 minutes)
2. The HIPAA Omnibus Rule (3 minutes)
3. HIPAA final quiz (10 questions)

Any organization or person who works in or with the healthcare industry or who has access to protected health information. This includes: Healthcare Providers; Employer Group Health Plans; Health Insurance Companies; Healthcare Clearing Houses; and Business Associates (anyone who works with any of the 4 above).
Because HIPAA applies to many different types of Covered Entity (CE) and Business Associate (BA), the HIPAA training requirements are best described as “flexible”. Training is undoubtedly mandatory. It is an Administrative Requirement of the HIPAA Privacy Rule (45 CFR §164.530) and an Administrative Safeguard of the HIPAA Security Rule (45 CFR §164.308). However, other than stipulating training should be provided “as necessary and appropriate for members of the workforce to carry out their functions” (HIPAA Privacy Rule) and that CEs and BAs should “implement a security awareness and training program for all members of the workforce” (HIPAA Security Rule), there are no specific HIPAA training requirements.
Knowing that you have to provide training, but not knowing what sort of training you have to provide, does complicate HIPAA compliance. Certainly, if a breach of PHI were to occur, and a subsequent investigation found that no training had been provided, the CE or BA responsible could expect a substantial fine from the HHS’ Office for Civil Rights. To overcome the flexibility of the HIPAA training requirements, CEs and BAs should refer back to their risk assessments. The risk assessments should have defined the function of each individual who may have contact with PHI or ePHI and, from these data, it should be possible to compile a “necessary and appropriate” security awareness and training program for each individual’s function or role.
What should be included in the security awareness and training program will depend on the functions or role of each individual employee, manager, volunteer, trainee or contractor who may have contact with PHI or ePHI. In many cases it will be necessary to compile multiple security awareness and training programs to ensure their content is relevant to trainees. This may be time-consuming and resource-intensive; but, in order for training to be effective, it has to be focused. If an attempt is made to cram every element of the HIPAA Privacy and Security Rules into a six-hour training session, trainees will have too much information to absorb the relevance of HIPAA to their roles and the objectives of the HIPAA training will be unsuccessful.
With regard to the question of how often HIPAA training is required, the Privacy Rule and Security Rule both offer suggestions without mandating specific timeframes. According to the Privacy Rule, HIPAA training is required for “each new member of the workforce within a reasonable period of time after the person joins the Covered Entity’s workforce” and also when “functions are affected by a material change in policies or procedures” – again within a reasonable period of time. According to the Security Rule, HIPAA training is required “periodically”. Many businesses interpret “periodically” as annually, which is not necessarily accurate or effective. HIPAA training should be provided whenever there is a change in working practices or technology, or whenever new rules or guidelines are issued by the Department of Health and Human Services.
HIPAA compliance officers should be in charge of organizing training – although they don’t necessarily have to conduct the training themselves. If, for example, training involves how to compliantly use a new piece of software, it may be better for a member of the IT team to present the training – although the compliance officer should be in attendance at the presentation.

Detailed Rating

5 stars: 3
4 stars: 2
3 stars: 0
2 stars: 0
1 star: 0
Enrolled: 117 students
Duration: 3 hours
Lectures: 7
Video: 30 minutes
Level: Beginner
Price: $35