{"id":978,"date":"2020-03-06T09:56:46","date_gmt":"2020-03-06T14:56:46","guid":{"rendered":"https:\/\/apexcompliance.net\/?p=978"},"modified":"2020-03-21T13:48:05","modified_gmt":"2020-03-21T17:48:05","slug":"hipaa-compliance-training-requirements","status":"publish","type":"post","link":"https:\/\/apexcompliance.net\/blog\/2020\/03\/06\/hipaa-compliance-training-requirements\/","title":{"rendered":"HIPAA Compliance Training Requirements"},"content":{"rendered":"
First, a few things that ARE NOT required for an effective HIPAA staff training program:<\/p>\n
So why are these things common elements among so many HIPAA training courses?<\/p>\n
Partly because that\u2019s what people expect \u201ctraining\u201d to look like, and partly because that\u2019s what they\u2019re selling, not what you need.<\/p>\n
The truth is, HIPAA regulations are incredibly vague about training requirements.\u00a0 Annual training for employees is mandatory. But there are no guidelines whatsoever that specify the form or content of that training.<\/p>\n
In developing a training program for HIPAA purposes, you should realize that you ultimately want to achieve two goals:<\/p>\n
First, you need a program that will get your organization to the all-important \u201cgood faith effort\u201d standard for compliance purposes.<\/p>\n
Second, you need a program that will provide your organization with the best possible protection against breaches, errors and violations.<\/p>\n
Keep these two goals separate in your mind right from the start, because prioritizing your efforts separately will keep you from falling into the Goldilocks trap. This is the tendency to keep refining and fine tuning the details, trying this and researching that, until your training program is \u201cjust right.\u201d Working on developing a training program that you will implement as soon as it is ready DOES NOT get you into compliance.<\/p>\n
With HIPAA regulations, it is not<\/em><\/strong> the thought that counts.\u00a0 As far as the HIPAA auditors and investigators are concerned, either something is done or it is not done. And by the way, if it is not documented, it is not done. Make a note of that and keep it in mind:<\/p>\n If it is not documented, it is not done.<\/strong><\/p>\n \u00a0<\/strong>You must keep and maintain records of all phases and aspects of your HIPAA compliance program, including your training program. Investigators may look at your records going back as far as six or more years, depending upon when the requirement in question went into effect.<\/p>\n Precisely what you really need in a training program will depend on your circumstances. Please note that these considerations are not part of any mandatory guideline, as no specific guidelines exist. Rather these are recommended best practices based on the education, training and experience of the editorial staff at Apex Legal Publishing.<\/p>\n Mandatory annual training is one of the easiest, quickest and least expensive components of an effective HIPAA compliance program. It can be completed independently of the completion of the comprehensive risk assessment or development of the written policies.<\/p>\n If your organization does not have on ongoing training program and is starting from scratch, you should immediately get a training program in place. <\/strong><\/p>\n Implementing and completing a basic training program will get you into compliance, which is the first critical objective. Additional or supplemental training for specific roles or circumstances should be added as you develop them to better protect your organization and the information relating to your clients or patients.<\/strong><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":" First, a few things that ARE NOT required for an effective HIPAA staff training program:<\/p>\n So why are these things common elements among so many HIPAA training courses?<\/p>\n Partly because that\u2019s what people expect \u201ctraining\u201d to look like, and partly because that\u2019s what they\u2019re selling, not what you need.<\/p>\n\n
\n
\n