• E-mail
• Print
• RSS

How much is enough when it comes to HIPAA training?

HIPAA Weekly Advisor, May 31, 2004

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q: I train all present and incoming staff at a behavioral health facility for children. How often should we require HIPAA training for employees?

A: There is no hard fast rule on how often employees should be trained when it comes to HIPAA compliance. Additionally, you shouldn't train every employee at the same level. On a regular basis (e.g., quarterly), give the most intense training to employees who have the most access to protected health information (PHI). On the other hand, employees who rarely access PHI may only need a brief, initial educational session on HIPAA compliance, followed up by a yearly refresher course. How often and how much you need to train your employees to feel they have an appropriate understanding of HIPAA compliance is a judgment call.

All employees joining your organization should be trained, if they have access to PHI. In addition, all employees leaving your workforce who had access to PHI should receive final training on how that protected information must remain with the company, and not be disclosed. All trained employees should sign an acknowledgement of training for documentation purposes. Document your training procedures in the employee policies and employee handbook.

Keep in mind that once an employee is trained, it's not the end of the story. Follow-up, like alerting employees of changes in applicable laws, is crucial for continued compliance. It is also critical to oversee the employees' workforce activities to determine if they are practicing their training.

This question answered by Cheryl S. Camin, JD, MPH, an associate in the Corporate/Health Law Practice Group of Gardere Wynne Sewell LLP in Dallas, Texas.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive