Most HIPAA entities ensure they know exactly what HIPAA training they need to provide to new members of staff when they join the organization. The majority of companies will conduct basic HIPAA training sessions to ensure that they are compliant with HIPAA. In some cases they may even skip this training session if the new member of staff has already completed a HIPAA training course prior to commencing their employment.
While this may seem like a smart move, as it guarantees a basic level of HIPAA awareness among the workforce, it can create a false sense of security. Basic training will undoubtedly miss some aspect of HIPAA that, if not known, could lead to a HIPAA breach occurring and a HIPAA financial penalty being sanctioned against that group. Something such as the Administrative Requirements of the Privacy Rule or the Administrative Safeguards of the Security Rule requires a more in-depth session than just a few minutes during an orientation session.
There may be a belief that spending time going over previously covered topics is a waste of time, but there are a number of reasons why this is not the case:
- HIPAA training for new staff members should incorporate sections related to the policies and procedures that your group has created to ensure the confidentiality, integrity, and availability of PHI. Due to the specific work that your group is involved in, the training provided by a new employee’s previous company may not have covered a very important aspect of the work that they will now be involved in.
- According to the Privacy Rule, it is a legal requirement to conduct basic HIPAA training sessions for all new staff members. Not doing so will be considered a HIPAA violation, even if the new members of staff have previously completed a HIPAA training course.
- Conducting a rudimentary HIPAA training session for new members of staff who have previously been given a HIPAA training course will indicate to OCR, in the event of a HIPAA investigation into an unavoidable HIPAA breach, that your group is dedicating serious effort and investment towards HIPAA compliance. Additionally, it will show that the individual who was given the training is also responsible in relation to HIPAA compliance.
The simple answer is that you must conduct in-depth HIPAA training for all new members of staff, no matter what training they have received previously, if you wish to show that you are serious about HIPAA compliance. It will go a long way towards ensuring that your patients’ PHI remains safe at all times, something which is very important for your business reputation, and will also show OCR that you are doing everything possible to prevent HIPAA breaches from occurring.