OSHA & HIPAA Compliance Made Easy
With 25+ years of OSHA experience and one of the nation's only Certified HIPAA Professionals, Smart Training makes compliance not only manageable but easy! We want to address your concerns, so comment and have your questions answered by the experts!
Smart Training

Is a Lack of Employee Training a HIPAA Violation?

10/27/2020 8:24:32 AM

The short answer: yes. A lack of employee HIPAA training is a violation of the law.

It is not enough to train your employees about the law. The training must be HIPAA-certified. Certified means there is proof of employee retention, for example, exam scores after training.

After a data breach, you will have to give records of employee training. If you can provide these records, your practice is likely to face less severe penalties. Fines increase with willful neglect.

Why Care About HIPAA Training?

Penalties already increased in 2019, as outlined by HIPAA Journal.

According to Channel Futures, experts predict penalties will increase in 2020. The government will most likely make up for budget cuts with increased enforcement.

Let’s forget about fines. Let’s talk about patient trust. After a data breach, you must follow the Breach Notification Rule. You must provide notification of the breach to patients, the Secretary, and sometimes the media.

A data breach could destroy patient trust in your practice. As a result, your patients might leave for a different practice.

Who Needs to be Trained?

Any employee who encounters Protected Health Information (PHI) needs to be trained. Of course, this includes doctors, dentists, and nurses. But you also need to train other employees. For example:

  • Interns
  • Sanitation workers
  • Administrators
  • Receptionists
  • Researchers
  • Volunteers
  • Business Associates 

What Should be Included in Training?

What to include in your HIPAA employee training, according to HIPAA Journal:

  • What is HIPAA?
  • Why is HIPAA important? 
  • HIPAA definitions
  • Rights of patients
  • HIPAA Privacy Rule
  • HIPAA Security Rule
  • Disclosures of PHI 
  • Safeguarding ePHI
  • Breach notifications
  • Violations
  • Business Associate Agreements
  • Employee Sanctions

When do Employees Need to be HIPAA Trained?

Employees need to receive training:

  • Within a reasonable amount of time after hire
  • When there is a change to policies that affects their job
  • Periodically, as refresher training

“A reasonable amount of time” and “periodic” are vague and up to interpretation. However, most experts recommend giving employees HIPAA training annually.

Does Lack of Training Cause Violations?

A lack of training is a violation. But not training your employees also causes data breaches.

Becker’s Hospital Review states untrained employees are one of the most common causes of data breaches.

Similarly, CloudApper writes, “While organizations cannot prevent external breaches all the time, most of the internal ones can be prevented.” 

How Can You Make Your Practice Compliant?

Our compliance experts specialize in HIPAA, so you don’t have to.

Check out Smart Training’s HIPAA 101 and Business Associates HIPAA Training module. We also offer upgraded packages that include:

  • HIPAA Risk Assessment
  • HIPAA Policies and Procedures
  • Up-to-date patient privacy documents

Compliance is a full-time job; Smart Training is here to help.
