
The 3 Most Common HIPAA Training Pitfalls to Avoid


No matter how adept you think you already are at the HIPAA Privacy and Security Rules, HIPAA training is required for every covered practice. And if your training program isn't up to standard, expect breaches, fines and penalties down the road.

To ensure your HIPAA training program meets the government's compliance requirements, avoid these three common mistakes.

1. Failing to Include Everyone

The regulation says HIPAA training at a practice must cover "all members of its workforce." Some practices take a loose view of who falls under "all," but at your practice it truly means everyone. An untrained staff member can cause a breach without realizing it.

For example, suppose your PR team has a signed HIPAA authorization on file from a patient allowing you to tell her story on social media. Then a new staffer joins as the organization's website manager and posts the patient's story on your blog. Without HIPAA training, they may not know to check the authorization to confirm it has not expired and that it expressly permits posting the story on the blog. If it doesn't, the post is an impermissible disclosure of her PHI, and the patient could rightly say you violated her privacy.

The same is true for your practice's cleaning staff, who may come across protected health information (PHI) in the course of their work. They must be trained on HIPAA too.

2. Performing HIPAA Training Just Once

The HIPAA rules don't set a fixed training schedule. The Privacy Rule requires that new workforce members be trained within a reasonable period after they join, and that staff be retrained within a reasonable period after a material change in your policies or procedures. The Security Rule separately calls for periodic security updates and reminders and a periodic evaluation of your safeguards. "Periodic" can mean many things, but it definitely doesn't mean that once is enough.

Spell out in your HIPAA compliance manual how often you will train, and document the date of each session, who attended and what material was covered. Keep those records: the Privacy Rule requires training to be documented and the documentation retained for at least six years.

3. Training on the Privacy Rule Only

The HIPAA rules cover both privacy (not disclosing protected health information without permission) and security (protecting the confidentiality, integrity and availability of electronic PHI). Some practices train their staff only on the Privacy Rule and leave out the essentials of the Security Rule.

For instance, making sure patient files aren't left where other patients can see them falls under the Privacy Rule. Keeping a firewall in place so attackers can't reach your electronic patient data falls under the Security Rule, and so does the workforce-facing material the rule's training standard calls out: protecting against malicious software, watching for suspicious log-ins and managing passwords. You must train your staff on both sides of HIPAA to stay compliant.
