• E-mail
• Print
• RSS

Periodic reminders can help staff stay sharp on HIPAA

Nurse Leader Weekly, September 4, 2006

Want to receive articles like this one in your inbox? Subscribe to Nurse Leader Weekly!

Staff receive so much training-on compliance, accreditation, Medicare fraud and abuse, and more-that it's unreasonable to expect them to remember everything after only one HIPAA training session. You may technically satisfy HIPAA's training requirement with a one-time presentation, but it won't ensure compliance.

"I'd even argue that you're not compliant if you're only providing that kind of training," says Kate Borten, CISSP, CISM, author of HCPro, Inc.'s H-mail, Third Edition: HIPAA Privacy and Security Training Reminders for the Healthcare Staff, and founder of The MarbleheadGroup, Inc., in Marblehead, MA.

By taking the HIPAA regulations in their most literal and limited sense, you're taking a business risk, says Borten. Minimal training won't necessarily prevent a privacy or security breach from occurring. And if a breach results in a lawsuit, the courts may determine that you should have been doing more, she says. You have to constantly reinforce training for the information to stick, she adds. You may choose to have periodic, informal discussions; send e-mails (see below for sample e-mails); or provide formal training sessions. What's important is that you're reinforcing what you've taught, she says.

After you conduct initial training, your job isn't done, says HIPAA consultant Frank Ruelas. "If staff aren't exposed to certain areas [every day], such as the facility directory, they can forget what they were trained to do." That's where periodic reminders come in.

Sample e-mail reminders

One way to reinforce training is with periodic e-mail reminders. Consider sending staff short messages in various formats, such as the following:

• True or false questions. For example, true or false: HIPAA protects patient data in electronic form only.

  Answer: False. HIPAA requires privacy and security protections for patient data in any form, including electronic, oral, and paper.

• Multiple choice questions. For example, HIPAA's privacy rule requires hospitals and other providers covered by HIPAA to do which of the following?

  Choices: A) Name a privacy official; B) Post a privacy notice; C) Respond to patient requests for access to their records; D) Respond to requests to communicate with patients at alternative addresses or telephone numbers; E) All of the above.

  Answer: E

Editor's note: This excerpt was adapted from Medical Records Briefing, September 2006, HCPro, Inc.

Want to receive articles like this one in your inbox? Subscribe to Nurse Leader Weekly!

• E-mail to a Colleague
• Print
• RSS
• Archive