HIPAA TIP: The Dos and Don’ts of HIPAA Training

The HIPAA Privacy Rule and the HIPAA Security Rule have training requirements for Covered Entities, Business Associates, Business Associate Subcontractors, and members of their workforce. These can be found in 45 CFR § 164.530(b)(1) and 45 CFR § 164.308(a)(5), respectively. Any doctors, nurses, staff and employees who come into contact with Protected Health Information (PHI) must be trained.

• DO conduct HIPAA and security awareness training upon hire. Document all training.

• DON’T consider HIPAA training to be a “once and done” situation. Regular HIPAA training needs to be conducted – whether this is bi-annually, quarterly or during monthly staff meetings.

• DO include security reminders, patients’ rights, minimum necessary rules, and disclosures of PHI. HIPAA training needs to go further than the basics of what HIPAA stands for.

• DON’T ever assume just because someone has been in the healthcare industry for many years that they know everything they need to know about HIPAA and security awareness.

• DO explain why HIPAA matters. Everyone wants to know that their privacy as a patient is taken seriously, and we all want that same protection for our own PHI.

