Corporate Compliance

Tip: Go beyond HIPAA training requirements

Compliance Monitor, February 23, 2011

Your HIPAA training content should include privacy and security, but you should also train your workforce on other information resources that need protection, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.

All confidential information needs protecting, including payroll and human resources information that may include names and Social Security numbers, confidential business strategies, and legal matters.

Provide staff members with examples of PHI and identify other information you want to keep confidential. Describe threats to privacy and security, including both internal and external threats. Make staff aware of threats from actions such as phishing, scams, and identity theft. 

Train staff on what to do if they see someone suspicious in your facility without an ID badge. Encourage them to ask the person, without being rude, if he or she needs help or directions. If the person declines help, your staff should know where to report their suspicions.

This tip was adapted from the March 2011 issue of Strategies for Health Care Compliance. More information about Strategies for Health Care Compliance is available at the HCMarketplace.
