You can have all the HIPAA training in the world, but if you're not enforcing and practicing daily what you've learned, you're leaving your office open to potential federal penalties or lawsuits for noncompliance.
To help your office stay in the clear, we offer this primer to ensure that you've retained the info. While training methods and materials will vary from one practice to another, there are at least six vital pieces of information you should know once your training is completed, says Sandra Nutten, a senior management consultant at The Chi Group of Superior Consultant Company in Ann Arbor, Mich.
1. Know what HIPAA is. You should be able to articulate in simple terms what HIPAA is and what it aims to protect, Nutten says. You have to protect your patients' health information. "They [coders] need to walk away from training understanding that everyone has the right" to have his personal health information (PHI) kept secure, she says.
2. Know who your privacy officer is. It's vital that you (and all staff members) know who your practice's privacy officer is, Nutten says. Otherwise, you won't know where to turn with potential privacy breaches you may encounter during your day, she adds.
3. Know your PHI limits. At the end of your training, you should know your level of PHI access, Nutten says. This knowledge will enable you and other staffers to conduct "self-audits" regarding their use of -- or exposure to -- PHI.
4. Know where to get a copy of your privacy notice. You and your coworkers should know where to locate or obtain a copy of your notice of privacy practices, Nutten says. "I'd like to know that anyone in our workforce would be able to point to a placard or the Web page or the handout."
5. Know what to do when you see a privacy violation. Complacency is a threat to any HIPAA-compliant entity, Nutten says. Therefore, you must know your practice's protocol for reporting a potential privacy violation or inappropriate PHI disclosure, she says.
6. Know that patient care still comes first. "HIPAA wasn't ever meant to direct us on how to care for our patients," Nutten says. It is meant to direct you on how to keep patients' information secure. Protect patient information when you can, but remember that these rules are never intended to get in the way of patient treatment, Nutten says.