GDPR and HIPAA are two Compliance Standards that have taken the industry by storm. Both the Standards have for long been a topic of discussion as organizations scramble around to ensure Compliance. While the EU General Data Protection Regulation is a data security law that came into effect in 2018, the US Health Insurance Portability and Accountability Act is a health information security law that came into effect in 1996.
To help CEs and their business associates navigate the confusing world of HIPAA compliance training, we have compiled a simple list of best practices for employee training.
We recommend training sessions are offered in shorter, frequent sessions rather than one long session.
This way, employees are more likely to stay focused and retain critical information.Do provide regular training sessions.
Each can focus on a different aspect of training, update staff on new developments, or just remind employees of the most important aspects of HIPAA Rules.Do inform employees of the consequences of a PHI breach.
These can include fines and legal action for the CE, privacy violations for patients, and even criminal charges against employees in some situations.Do include all levels of management in training.
Everybody needs a refresher from time to time, and a lack of training provided to higher levels reflects poorly on the CE in an audit.Don’t forget to document what training is provided, who it is provided to, and which subjects are covered.
