• E-mail
• Print
• RSS

How can we effectively train business associates to be HIPAA-compliant?

HIPAA Weekly Advisor, February 22, 2002

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q: How can we effectively train business associates to be HIPAA-compliant?

A: Providers aren't required to educate business associates, but it's a good way of ensuring that they remain HIPAA-compliant. The following are a few methods your facility can use:

1. CD-ROMS or videocassettes
A number of vendors are offering CD ROMs that contain educational sessions about HIPAA and its requirements. Additionally, your organization can create a specific education session, and save it on a CD ROM or videocassette to distribute to your business associates.

2. Web-based education
Like with CD-ROMs, there are a number of vendors offering HIPAA courses that will more than satisfy your HIPAA education needs. Additionally, there are Web vendors that will host your internally developed education session on the Internet, allowing your business associates to access the course via the Web.

3. Customized workbooks
Put HIPAA information on paper, and create a workbook that can be distributed to all of your business associates.

4. Seminars
The traditional seminar style education allows you to present a live education session to your business associates.

Draft an acknowledgement form
No matter what type of education you choose, draft an acknowledgement form for the business associate to sign. This acknowledgement form will certify that they attended the education session, in whatever form it was offered, understood the material, agree to comply with it, and have had an opportunity to ask questions. Keep this signed acknowledgement form in a safe, secure place, such as along with the business associate contract.

Include the following topics in your education program:

• An overview of HIPAA; what it is, why it was enacted
• Explanation of all the regulations, both final and proposed, focusing specifically on PHI, minimum necessary and patient rights
• Time frames for compliance
• Your organization's HIPAA plans
• Your expectations from business associates regarding HIPAA compliance

That is a list of what minimally should be covered. Your education syllabus can include additional topics. Additionally, it is important to remember that education is not complete with one session of training. Continue to educate your business associates as rules change or are finalized, or as your organization's internal processes change.

Editor's note: Adapted from the upcoming special report, "Managing Business Associates: Ensure that your partners are HIPAA compliant," and answered by Jon Kweller, JD, LLM, vice president of compliance and regulatory services at QuadraMed Corporation, in Englewood, CO. Look for next week's HIPAA Weekly Advisor for information on how to order.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive