If you have been following along with my latest blog posts, you saw that when the OCR performed their Pilot Program for HIPAA audits, one of the areas where providers tend to be the most non-compliant is in the area of employee training.

You may be thinking, well that’s easy; I will just have my employees go on-line and complete a training course. Unfortunately, although your employees may learn something, purchasing a “canned” HIPAA training program will not make you compliant with the HIPAA rules for training.

Why, you ask?

When it comes to HIPAA training for employees, the training MUST be based on YOUR policies and procedures and according to their job functions.

The Regulation States:

164.530 (b) (1) Standard: Training. A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart and subpart D of this part, as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity.

(2) Implementation specifications: Training.

(i) A covered entity must provide training that meets the requirements of paragraph (b)(1) of this section, as follows:

(A) To each member of the covered entity’s workforce by no later than the compliance date for the covered entity;

(B) Thereafter, to each new member of the workforce within a reasonable period of time after the person joins the covered entity’s workforce; and

(C) To each member of the covered entity’s workforce whose functions are affected by a material change in the policies or procedures required by this subpart or subpart D of this part, within a reasonable period of time after the material change becomes effective in accordance with paragraph (i) of this section.

(ii) A covered entity must document that the training as described in paragraph (b)(2)(i) of this section has been provided, as required by paragraph (j) of this section.

So we see, the HIPAA training must be conducted and documented:

    • Based on your Policies and Procedures and that workforce members job function
    • By the compliance date
    • Within a reasonable period of time for new workforce members
    • Within a reasonable period of time if material changes are made to your HIPAA Compliance Program

HIPAA Training for employee is simple if you use these simple rules.

Some HIPAA Programs, like PRS’s HIPAATrack  come with complete employee training, so that you are assured your employees have the appropriate training to comply with the HIPAA Rules.