• Home
    • » e-Newsletters

HIPAA training: Best practices for better success

HIPAA Training Advisor, February 7, 2008

Editor's note: In this article three experts share their experiences with respect to HIPAA training, and offer their ideas and suggestions for how to more effectively train staff members based on their own personal trials and tribulations.

Identify strengths and weaknesses

Sit down with pad and paper and list what you perceive to be your facility's strengths and weaknesses. Christine Griffin, JD, privacy manager at Massachusetts General Hospital (MGH) in Boston, says the first challenge most providers face is determining what their employees already know about HIPAA.

"Some people have tremendous experience, while others may be working for a healthcare provider for the first time," says Griffin. "The key is to provide a sufficient base of knowledge, as well as convey to employees what resources are available to them and who to contact if they have questions."

That's why thinking outside the box is so important, says Holly Ballam, RHIA, privacy officer at Beth Israel Deaconess Medical Center (BIDMC) in Boston. "Because our facility is so large, it is hard to wrap training and education up in one little package. We have had to be creative in training and educating our staff," she says.

Keep staff members interested

Griffin has also found a creative way to present HIPAA information so that it is informative and ensures that students remain attentive. Griffin says she uses real-life situations to illustrate compliance points, because this keeps staff members interested in the training.

Injecting humor into your presentation is helpful, says Peggy Presbyla, RHIA, CHP, health information management director and privacy officer at James Square Health and Rehabilitation Centre in Syracuse, NY. "The new employees are having so much information crammed in their heads that I am not sure they are retaining anything," she says. "So I try to use as much humor as I can to keep them awake."

Presbyla also recommends making the training as interactive as possible. "It makes them think," she says. "I give them scenarios of situations and ask them for their input."

The training at MGH focuses primarily on what HIPAA is, why it's important, how it affects employees' responsibilities, and what rights it provides patients, says Griffin.

"We try to use topics in the news that people can relate to, like the George Clooney incident where 27 employees were suspended without pay for a month because they accessed his record without a 'need to know,' " says Griffin. "We explain how the privacy office conducts audits on random and high-profile patients, as well as complaint-based [audits]."

Presbyla recommends that providers monitor known problem areas-situations where staff members aren't always certain of the correct response. "These are really the situations in which staff does not disclose information when they can. They are afraid of being fined, so they tend to hide behind the HIPAA curtain," says Presbyla.

Ultimately, Presbyla asks staff to use common sense when making decisions about whether to disclose patient information. "I tell them that 'when in doubt, don't give it out, but do check it out,' " Presbyla says.