What does HIPAA Training do?


First introduced in 1996 to allow workers to maintain health insurance cover as they moved from one job to another, the Health Insurance Portability and Accountability Act (HIPAA) states that training should be conducted for staff in relation to HIPAA policies and procedures.

But what is HIPAA training for? Here we will explore what HIPAA training seeks to achieve and why it is so important to provide it during employee onboarding but follow it up with ongoing refresher training.

The Privacy Rule, which states: “A Covered Entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart and subpart D of this part, as necessary and appropriate for the members of the workforce to carry out their functions within the Covered Entity.”

This means that HIPAA training should be conducted for all new members of the workforce soon after they commence employment and also in the aftermath of any material change in policies and procedures. The same is true for Covered Entities and Business Associates to put in place a security awareness and training regime, though the HIPAA Privacy Rule does not have a suggested time frame for this training to take place. 

HIPAA training aims to provide all staff members that will be handling protected health information (PHI) with the required level of knowledge in relation to policies and procedures related to that information, such as including the what PHI may be used for, when it may be shared, how to secure it, patient legal  rights, how to carry out tasks in a HIPAA-compliant manner, and what happens if HIPAA breaches occur.

There are a range of benefits that result from providing HIPAA training for staff and doing even more than the minimum required for HIPAA compliance. Doing so drastically reduces the chances of a HIPAA breach occurring at your organisation.

HIPAA training aims to see to it that everyone working the healthcare sector that is handling PHI is conscious of their legal obligations in relation to HIPAA so they are able to complete their daily work tasks in a HIPAA-compliant way. HIPAA training will increase organisational efficiency, enhance trust in business relationships, and prevent accidental HIPAA violations and the massive resulting fines that can be applied.

While the text of HIPAA text does not outright state that training should be conducted on a yearly basis for the existing, and new members of, the workforce, it is widely regarded as best practice to do this as a minimum. This will act as a timely reminder for staff members of their legal obligations in relation to HIPAA compliance and what each worker must do to ensure that they are assisting their employer in remaining HIPAA-compliant and avoid massive breach-related financial penalties.