HIPAA Training: Because People Are Your Weakest Link
DID YOU KNOW THE NUMBER ONE CAUSE OF HIPAA VIOLATIONS IS HUMAN ERROR?
HIPAA training is the only fix for this.
After all, computers don’t click on phishing emails… Humans do.
Healthcare minus HIPAA training is a total disaster. You’re constantly stalked and trolled by increasingly sophisticated hackers while the Office for Civil Rights waits patiently for you to break one of their loosely defined rules so they can gleefully levy massive fines on your practice and blast you on their “Portal of Shame.”
If this all sounds rather daunting, that’s because it is.
You can, however, take a small bit of solace knowing that you are FAR from alone…
There is a severe lack of HIPAA training, even though it’s the missing link between HIPAA compliance and a total compliance disaster. And that’s because HIPAA is complex, HIPAA is confusing, HIPAA is cumbersome, HIPAA is scary… But why?
Part of the problem is that, while HIPAA’s laws are vague, its penalties are clearly defined and swiftly delivered. Not understanding how to NOT violate HIPAA laws, but knowing that you will be in hot water for something you don’t understand, leads to uncertainty and anxiety. HIPAA is hard to understand, and we often fear that which we do not understand. And when something is hard to understand, the most noteworthy accomplishment is mastering it.
Hence, HIPAA training is paramount.
But how do you teach something you yourself don’t understand? That’s where Petronella Technology Group (PTG) comes in!
You likely googled us because HIPAA causes you anxiety. Lucky for you, HIPAA doesn’t give US anxiety… In fact, we here at PTG laugh in the face of HIPAA auditors! Well, not literally, because that would be rude – and we are good people.
But what we mean is that we understand HIPAA, so we no longer fear it. We’ve taken the time to learn the ins and outs of HIPAA, and now we dance in time with it instead of shivering in the corner, scared it will ask us to dance. We can get you to the other side of the maze, where we are.
We don’t say this to brag. We say this so that you understand just how important HIPAA training is for not only yourself but for every single person in your practice. Once you have mastered this knowledge, you will feel so accomplished, and you’ll dare the OCR to audit you. You remember that feeling you would get when you would do your homework the night before and you couldn’t wait for the teacher to call on you? Mastering HIPAA feels just like that. But better.
If you have a medical practice, your employees are likely familiar with HIPAA. But to what extent?
- Do they know about secure passwords, and do they have privacy screens so patients can’t see what they type?
- Do they know about links, to click or not to click?
- Do they know to lock the file cabinet that holds patient files?
- Do they know how to report a breach?
- Do they know when to report a breach?
- Do they know how fast they need to report a breach?
- Do they know who they can release patient records to, and what they can release?
- Do they know what permissions they need in order to release information?
- Do they have their Alexa and Siri turned off, so they are not violating HIPAA privacy laws, as these entities are always listening?
- Do they know what security they need to have in place on their personal devices when they access your network?
- Do they know what HITECH is?
Knowledge is power, and we suggest that you arm them heavily. They should know about keylogger malware, and their devices should be protected with keystroke encryption.
HIPAA training requirements are, in the spirit of all HIPAA laws, vague. So just what is HIPAA training?
HIPAA requires both covered entities and business associates to provide HIPAA training to any members of their staff handling PHI. This means that business associates and any of their subcontractors must also be trained. Anyone who comes into contact with protected health information (PHI) must be trained.
Did you know that:
- Everyone must be trained on Policies and Procedures, and those Policies and Procedures must be in writing?
- You must have a Sanction Policy that outlines how you will handle staff who violate policies?
- You can’t use generic policy templates and be compliant?
- Your Policies and Procedures must be customized for your practice?
- There is still so much more? The most actionable of which, by the way, you will understand once you download our 9-Point HIPAA Security Checklist!
HIPAA TRAINING REQUIREMENTS
The HIPAA training requirements are more guidance than law – suggesting training should be provided:
- Periodically AND
- When certain events occur
Again, more vague language from the U.S. Department of Health and Human Services website at www.hhs.gov:
“The HIPAA Rules are flexible and scalable to accommodate the enormous range in types and sizes of entities that must comply with them. This means that there is no single standardized program that could appropriately train employees of all entities.”
This sounds like they are giving you some wiggle room, right?
In reality, this “wiggle room” delivers even more uncertainty and anxiety. They provide no standard training program or guidelines, yet you are expected to train to their standards.
DANGERS OF BEING NON-COMPLIANT
As we all know, time and space are relative, and reality is based on perception, right?
Well, help your folks to perceive this reality:
Non-compliance with HIPAA can jeopardize their employment status because it can jeopardize your practice’s continuity!!
How would your business fare if it were blacklisted? May we introduce to you…
THE HIPAA WALL OF SHAME!
This isn’t an Onion article… It’s actually a thing, this HIPAA WALL OF SHAME:
And quoting directly from this Wall of Shame (also known as the Breach Portal):
“As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The following breaches have been reported to the Secretary:
Cases Currently Under Investigation
This page lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights”
Any good training session starts off with a clearly defined goal. In this case, the goal is quite simple:
Avoid making this list!
And while you’re at it, avoid hefty fines.
And possible criminal charges, in certain situations.
And of course, business closure.
This is nasty stuff, make no mistake about it. We cannot stress enough the importance of training your employees.
We have stated on the record that World War III is on the World Wide Web. Your staff is your army. Hackers are landmines planted wherever they think you might step, and the Office for Civil Rights has eyes everywhere – they are keeping score, BEGGING you to mess up – and your untrained employees will do just that.
Listen to the whisper of wisdom and turn your weakest links into subject matter experts.
Never underestimate your opponent, and properly fortify your defenses. Help your people, help you.
Learn more of our insights on HIPAA here:
OPTION 1 FOR LIGHTNING
OPTION 2 FOR THUNDER