Remember that every employee needs refreshers.
Every person in your practice – physician, CRNA, or office staff – needs to stay up to date on HIPAA training. Why? Because making sure everyone is fully educated on the laws and how to comply with them can save your practice/facility a heap of trouble by preventing future breaches.
To help your office stay in the clear, consider the following eight steps for staying on top of the regulations. Although training methods and materials will vary from one practice to another, these eight parameters are a good starting point.
1. Know what HIPAA is. Your staff members should be able to articulate in simple terms what HIPAA is and what it aims to protect. You have to protect your patients’ health information, and your coders and billers should walk away from training understanding that everyone has the right to have his personal health information (PHI) kept secure.
2. Know who your privacy officer is. It’s vital that you and all staff members know who your practice’s privacy officer is. Otherwise, you won’t know where to turn with potential privacy breaches you may encounter during your day.
3. Know your PHI limits. At the end of your training, your staffers should know their level of PHI access. This knowledge will enable your employees to conduct “self-audits” regarding their use of — or exposure to — PHI.
4. Know where to get a copy of your privacy notice. You and your coworkers should know where to locate or obtain a copy of your notice of privacy practices. Anyone in the office should be able to point to the handout.
5. Know what to do when you see a privacy violation. Complacency is a threat to any HIPAA-compliant entity. Therefore, you and your entire staff must know your practice’s protocol for reporting a potential privacy violation or inappropriate PHI disclosure.
6. Remember that patient care still comes first. HIPAA wasn’t ever meant to direct you on how to care for your patients. It is meant to direct you on how to keep patients’ information secure. Protect patient information when you can, but remember that these rules are never intended to hinder patient treatment.
7. Don’t stop at the top. If you’re planning to educate only your managers in hopes that the crucial information will trickle down to your frontline staff, you need to reassess your strategy. The rule is very specific about having everyone in your organization trained on privacy.
8. Consider creating a script. There’s nothing wrong with preparing responses in anticipation of certain patient questions about HIPAA. For example, when patients come into your office, your employees can use a script to present them with your notice of privacy practices and to answer common questions they may have regarding the form. You should tailor your scripts to your office’s most frequently asked questions and your staff members’ comfort levels. For instance, if patients ask what their privacy rights are, you can hand them the form and say, “Your rights are set forth clearly in the notice of privacy practices. After you review the notice, I would be happy to have our privacy officer discuss them further with you.”