Did you know?
The Administrative Safeguards of the HIPAA Security Rule require implementing a Security Awareness and Training for Business Associates (BAs) program for ALL members of the workforce, including management and doctors, as defined in 45 CFR §§ 164.308.
However, the rule doesn’t say HOW to implement the security awareness and training program! Yes, this is intentional. Why, you ask?
Security Awareness and Training for Business Associates
The specific needs of each organization require it to design its own unique security awareness and training program.
It will depend on several different factors:
- Functions of each employee
- Trainee or contractor who may have contact with electronic protected health information (PHI)
For training to be effective, it should also consist of focused, role-specific activities for the workforce. *Do not overlook your temporary and volunteer workforce.
Attempting to cram every part of the HIPAA Privacy and Security Rules into a 6-hour training session won’t work!
What should you do?
Instead, consider breaking your training sessions into smaller sessions using a variety of training methods and technology-based learning techniques including:
- Instructor or Classroom Training
- Interactive Methods
- On-the-Job Training
- Group Discussions & Tutorials
- Role Playing
- Case Studies
Note: Documenting ALL training could prevent HIPAA violations and/or avoid allegations of willful neglect if a violation occurs.
Remember – If it’s not documented, it didn’t happen!
Covered Entities and Business Associates need to understand that patients are entrusting them with their most private and intimate details, and they expect those details to remain secure.
Besides, it is YOUR practice, YOUR patients, YOUR reputation, and YOUR legacy! Why are you leaving yourself wide open to potential HIPAA violations?
For tips like this and more, request your copy of our “HIPAA Security Rule – Know The Rules!” Newsletter today.