• E-mail
• Print
• RSS

Stop stumbling through your HIPAA privacy and security training: Expert advice for common concerns (part two of three)

HIPAA Training Advisor, April 17, 2008

HIPAA privacy and security officers have been asking themselves the following questions for years:

• How frequently do I need to train staff?
• What do staff members actually need to know?
• Which training method is most effective, and what will it cost me?

If you’re still struggling with your training or questioning whether your training program is HIPAA-compliant, let our experts be your guide as you create a training program that meets HIPAA requirements and fits your needs.

In this week’s issue, we’ll explore how to provide your staff members with targeted—and thus effective—training.

Different jobs require different training

“There are many reasons why you want to provide training that is based on specific job duties, because different staff members need to know different things,” says Mary D. Brandt, MBA, RHIA, CHE, CHPS, president of Brandt & Associates, Inc., in Bellaire, TX.

For example, registration staff members need to know about the Notice of Privacy Practices, while the medical records department has very different needs, says Brandt. Registration staff members should know about the types of patient data that they may release to patients, their families, and other outside parties. Staff members who work in the billing department need to know how to respond to inquiries about patient bills; they need to be aware of what information they may and may not release.

Meanwhile, nurses at your facility probably don’t need to know how to protect privacy as it relates to billing inquiries, and registration staff can probably safely ignore the privacy rule’s provisions for marketing.

Susan A. Miller, JD, independent consultant and chief operating officer of Health Transactions in Concord, MA, recognizes that not everyone needs to be an expert on all aspects of HIPAA. “Do your research and make sure you understand how the regulations impact the job functions of your staff,” she says.

Effectively tailoring your training program so that it meets the needs of various staff members requires you to conduct a needs assessment at your facility, say Brandt and William M. Miaoulis, CISA, CISM, manager of HIPAA security services at Phoenix Health Systems in Dallas. “It is virtually impossible to develop effective department-specific training without the input of those who are going to be trained,” says Brandt.

Speak with each group of staff members to learn exactly what they do on a daily basis and how they interact with PHI as they work. Consider asking them the following questions: 

• What constitutes a typical day in your department?
• With whom do you interact as you work? (Consider both staff members and external parties.)
• Which paperwork passes through your hands on a regular basis? 
• What questions do you typically receive by phone? 
• What would help you increase your comfort level with respect to protecting privacy as you hold conversations with patients, families and/or third parties? 
• Have you ever run into situations where you weren’t sure how to protect privacy while doing your job?

Asking these questions will help you tailor your training program to meet the needs of your work force.

• E-mail to a Colleague
• Print
• RSS
• Archive