Training is required in a number of areas of the HIPAA regulations and their policy implementations at medical offices.
The HIPAA Privacy Rule includes basic protections of uses and disclosures of protected health information that every staff member must be aware of, from avoiding discussion of patient-related information outside of the office, to taking precautions when faxing information to another office. Beyond the use and disclosure provisions, there are requirements for allowing individuals to have access to their medical records and even asking for changes to their records or asking to have special restrictions placed on their records. If you want to use health information for some other purpose outside of treatment, payment, or healthcare operations, you may need to have the patient sign a proper authorization form with specific details defined by the regulations. If your staff is not aware of all of these restrictions and requirements, and more, you may be jeopardy of violating HIPAA requirements. As for the Security Rule, extensive policies and procedures are needed to implement physical, technical, and administrative safeguards required by the rule, covering everything from how to properly use electronic systems, to how to position computer monitors, to how access should be terminated when a staff member leaves your practice, and much, much more.
Why Should You Attend:HIPAA has always required that the workforce be trained in your policies and procedures for protecting the privacy and security of protected health information (PHI), but the training provided years ago may be outdated and your workforce may have changed significantly since then. Ask your staff about a few of the policies and procedures you put in place in 2003 and you will find that many are poorly informed, putting you at risk for HIPAA violations. Now there are new, increased penalties for HIPAA violations and a new auditing process is being developed so that HIPAA covered entities will be subject to reviews by the US Department of Health and Human Services` Office for Civil Rights even if no one files a complaint. If you haven`t kept up with training, you could be liable for willful neglect penalties that begin at $10,000 minimum and go up from there. You need to be sure that training is provided so that all your staff knows about the Privacy-related training requirements, and the training for Security-related topics is required even for management according to the regulations. What`s more, with the breach notification regulations established in 2009, you have a time limit to respond to any breaches, and if staff is not trained properly, your response may not meet Federal requirements. With the ever-increasing use of electronic records and systems, and changes in how you do business, now is the time to review and renew your training program and avoid violations and penalties for non-compliance.
Areas Covered In the Session: - Required topics under the HIPAA Privacy Rule
- Required topics under the HIPAA Security Rule
- Required topics under the HIPAA Breach Notification Rule
- New requirements under changes to HIPAA
- Making sure your staff knows how to respond to questions from patients
- Making sure your staff knows how to respond to incidents that may involve breaches
- Making sure your staff knows how to treat health information outside the office
- Instituting the policies and procedures necessary to protect health information
- Creating your training program
- The topics to cover in formal training
- The topics to cover in informal training, such as reminders
- The policies and procedures necessary to implement your training program
- The place of quizzes and tests in ensuring transfer of knowledge in training
- Auditing the effectiveness of your training program
- Being prepared for an audit of your training program by the HHS Office for Civil Rights
- Penalties for non compliance with requirements for a HIPAA training program
Who will benefit: - Compliance Director
- CEO
- CFO
- Records Manager
- Privacy Officer
- Security Officer
- Office Manager
