- Home
- » e-Newsletters
Conquer privacy training at your LTC facility
HIPAA Training Advisor, March 20, 2008
There is no question that the challenges LTC facilities face in terms of privacy and security compliance are unique. Most notably, the relationships that develop among staff members, residents, and residents' families often blur the lines between harmless communication and dangerous PHI exchange.
Regular training and ongoing awareness communications are essential to ensure that staff members understand their responsibilities with respect to safeguarding information.
Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, an information privacy, security, and compliance consultant at Rebecca Herold & Associates, LLC, in Van Meter, IA describes the primary obstacles to privacy and security compliance as:
- Lack of privacy and information security education expertise or background. In many LTC facilities, there are few, if any, staff members with sufficient training with respect to information security and privacy issues and pertinent laws. When an LTC facility relies solely on its own personnel to provide training and awareness communications, the education provided may be ineffective, inadequate, or completely inaccurate.
- Lack of funding for training and awareness. Most LTC budgets leave little room for implementing information security and privacy controls or providing training and awareness materials. Lack of funding often results in insufficient or ineffective training at best.
- Lack of management support. An obstacle that can slow progress toward an effective compliance program for LTC facilities is a lack of support from management. Staff members are not likely to participate in training sessions, read awareness communications, or participate in awareness activities if management does not communicate the importance of these activities. Management must actively support information security and privacy training and awareness and make it clear that participation is mandatory.
This potentially puts PHI at even greater risk as a result of staff members who are trained with bad information. Assign someone knowledgeable about HIPAA, information security, and privacy to provide training and awareness communications and to answer staff members' questions.
LTC facilities can ask local information security and/or privacy organizations whether any of their members can provide training and/or awareness communications. Organizations such as the Information Systems Security Association, the International Association of Privacy Professionals, and the Information Systems Audit and Control Association have members who might have the necessary expertise. Internet searches are another method of finding information security and privacy experts nearby.
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- Running an effective peer review committee meeting
- HealthDataInsights posts new issues for medical necessity claims
- Sneak Peek: Effort underway to establish caseload benchmarks
- New FAQ posted on storing laryngoscope blades
- Q/A: Coding for telescopic intraocular lens
- Tip: Perform your own internal investigation prior to government audit
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- What does case-mix index mean to you?
- HHS task force: Consider privacy, security with text messages
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Q/A: Coding for telescopic intraocular lens
- Q/A: Correct use of modifier -PT
- Tip: Correctly code bilateral pain management procedures
- "Wall fountains" may be spreading Legionnaires to patients, visitors
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- Searched