This week, we are posting a guest blog from our friends over at GRA. They are one of our preferred partners and specialize in helping insurance agents with their HIPAA Compliance. They use our training and compliance materials and customize them for your agency. If you think you need help with your HIPAA compliance program, you can either contact them directly, or let us know, and we will put you in contact with them. Now, onto the blog-
When was your last HIPAA training?
Have you ever discussed HIPAA at an employee meeting?
If you said no, then you are not in compliance with HIPAA.
HIPAA law states that you need to implement a training program for all your WorkForce members as well as leaders and executives. The periodic training program should include updates on the law, review of password procedures, log-in monitoring and reminders on protection against malware.
As a HIPAA requirement, it is important for all employees to be trained, even if they don’t directly deal with PHI. If they have access to the same server, same work area or interact regularly, they may still unintentionally handle PHI; therefore, they need to be trained how to properly handle it and how to report a breach of PHI.
By choosing not to implement a training program or include all WorkForce members in that program, your company is at risk for a greater fine if there is an audit.
Insufficient HIPAA training has been cited by the Department of Health and Human Services’ Office for Civil Rights in HIPAA breach investigations and resolution agreements. That includes a $1.7 million resolution agreement with the Alaska Department of Health and Social Services.
Training shouldn’t be a one-and-done process. HIPAA is always changing and new guidance is released every few months. Periodic reminders are essential. All new employees should be trained before they begin their duties. We recommend all current employees be trained at least annually.
Finding a cost-effective training approach that yields good results can prove challenging. Some agencies create their own program, dedicating an employee and months of work to the process. Others outsource to a generic training company that is not HIPAA experts for health insurance agencies.
GRA Benefits Group offers a program specific to insurance agents. Our training module is explained in terms agents and customer service reps can understand. Monthly email reminders are specific to the employee’s role at the company.
We ensure your employees are up-to-date and save you the hassle of keeping up with changes. To learn more, download our product details.
By: Bridgette O’Connor