You may have done plenty of HIPAA training in the past. But if your training material did not include the new regulatory requirements mandated in 2013, it is obsolete. We recommend a more holistic approach than traditional methods, as outlined below. Make sure training has been completed before providing somebody with access to your PHI.
Training Goal
The primary goal of your HIPAA training program should be to create a “culture of security”. When people understand the “Why’s”, they’ll better understand and accept the “How to’s”. This leads to an “all hands on deck” environment in which everybody is focused on protecting sensitive data. If staff views PHI like it is money, you’re on the right track.
Basic Training
For a good foundation, we recommend the HIPAA training material from Truvincio. They offer a cost-effective, on-line training program structured into easy-to-digest modules. As an added bonus, you can track the progress of staff members as they make their way through the modules and document completion.
Policies & Procedures
In addition to the Basic Training, you should train staff on your data security policies & procedures. This helps ensure that everybody is “on the same page”. It is also a good idea to maintain documentation of this training (who attended, date, topics covered). This will come in handy in an audit situation.
Reinforcement
For best results, reinforce your training with periodic reviews and reminders of the training material, policies, and procedures. Staff meetings provide a good opportunity to do this over time. Use examples and encourage Q&A. Again, document your reinforcement activities. Check out our exclusive Security-Tip of the Week program for an easy and affordable way to raise staff awareness.