[BreachExchange] How HIPAA Violation can be Prevented with Regular HIPAA Training for Employees
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Jun 14 19:48:26 EDT 2016
http://www.groundreport.com/hipaa-violation-can-prevented-regular-hipaa-training-employees/
One of the worst nightmares for any healthcare employer is a HIPAA
violation. No one wants the government breathing down their backs because
an employee made a silly mistake and accidentally broke a serious law.
Employee HIPAA training is essential for any business or organization that
must comply with HIPAA, but how can companies best train their employees?
Well, a small session on HIPAA privacy training can go a long way. There is
not a lot of information that employees need to know in regards to HIPAA.
The knowledge they need can be summed up in about four simple steps.
Use code words- the biggest mistake an employee can make in regards to
HIPAA is to pass identifiable information about a patient to someone else
who shouldn’t know. That’s why code words are great. For example, all
volunteers and nurses may refer to patients by their room numbers at a
hospice clinic. That way, names were never used. Using codes to referring
to patients, their medication, their condition, and their payment info will
prevent most HIPAA violations.
Talk about private info in private- it’s important that employees know they
must be in private when discussing sensitive material. Every company that
complies with HIPAA should mandate that their employees not discuss patient
information while in public or even around the office. Even a slip of the
tongue while on lunch break can get a business in huge trouble, so make
sure employees know only to discuss patient information in private
settings.
Only talk about private information to other employees- an employee should
never discuss a patient’s name, medical information, or payment and
insurance information with anyone who does not work for the company.
Otherwise, there is a big risk of violating HIPAA. Even if an employee were
to utter the name of a patient to a close friend, if the other friend
recognizes the name of said patient and contacts the person, which is a
HUGE HIPAA violation. Employers may even want to consider limiting the
number of people allowed to have discussions about sensitive material.
USE MINIMAL INFORMATION WHEN DISCUSSING A PATIENT- this is extremely
important, and even a HIPAA law! When discussing anything about a patient,
make sure employees stay on the specific topic of what they are discussing!
People should not talk about a person’s pervious and current medical
condition when discussing a patient’s insurance information unless it is
100% necessary. No private information should ever be discussed about a
patient unless it is absolutely critical.
Employee HIPAA training is not difficult, for employees do not need to know
the specifics of the vastly complex law. All of the training employees
receive on HIPAA should be focused on HIPAA privacy training, for that is
the biggest risk businesses run when it comes to HIPAA laws. Employees
should be well versed on how to avoid using unnecessary information and how
to keep private information from becoming public. Privacy is key for HIPAA!
Overview training of Certified HIPAA privacy Associate (CHPA) will help
employees get the right knowledge and combined with the policies training,
companies can reduce the instances of violations.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160614/d3c02c00/attachment.html>
More information about the BreachExchange
mailing list