Who receives privacy training, and what should they learn?
HIPAA Weekly Advisor, March 8, 2002
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: Who should receive privacy training and what information should be covered in the training sessions?
A: All of a covered entity's "workforce," which includes physicians, full-time, part-time, and temporary staff, as well as volunteers, must be trained on your facility's HIPAA privacy policies and their effect on individual job responsibilities. You should cover the following topics in your privacy training session:
- Introduction to HIPAA and the privacy rule
- Explanation of the privacy officer's role and job responsibilities
- Overview of your facility's privacy policies and procedures
- Explanation of all privacy forms, including the following:
1. consent
2. authorization
3. request for restriction on uses and disclosures of protected health information (PHI)
4. request to amend PHI
5. accounting of disclosures
6. complaint form
7. request to inspect and copy PHI and to implement access denial
- Explanation of who can disclose PHI
- Discussion of job responsibilities as they relate to PHI
- Explanation of the minimum necessary standard
Encourage employees to ask questions regarding the privacy policies during the training and afterwards.
The deadline for providing initial training to all staff is April 14, 2003-the same date providers must be compliant with the rest of the provisions of the privacy rule.
All employees added to the covered entity's workforce after the initial training sessions should receive privacy training as a part of employee orientation.
In addition, any time you change your privacy policies, all employees whose functions and responsibilities are affected must receive additional training.
Although not required, it is also a good idea to provide privacy training to your workforce annually both to demonstrate the importance of the regulation and to make sure your workforce understands the rules.
Document all privacy training sessions and keep records of them for at least six years. Your privacy officer should store copies of these records and place a copy in each staff member's personnel record.
Answered by Rebecca Jones, a consultant for Gates, Moore, & Company in Atlanta. Go to http://www.gatesmoore.com for more information.
HCPro, Inc., publisher of "HIPAA Weekly Advisor," offers several e-learning courses designed to train staff about HIPAA privacy issues. To learn more, go to http://www.hcprofessor.com
Excerpted from the upcoming March 2002 issue of Briefings on HIPAA.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched