
Block Hackers with HIPAA Training

HIPAA Rules require that your organization provide training to employees on privacy and security awareness. Employees should know about the law as well as your organization’s specific policies and procedures. Reminding employees of rules and regulations through HIPAA training and keeping them abreast of the most common forms of cybercrime is a smart move.

The Health and Human Services Office for Civil Rights Breach Portal lists 28 breaches that occurred in August 2018. Of those 28 breaches, 11 were due to email compromise, likely phishing. Cybercriminals use phishing emails in hopes that end users – your employees – will reveal sensitive information. Hackers also use phishing to install ransomware. Informed employees are less likely to fall prey to hackers that target your organization.

Who Needs to be Involved in HIPAA Training?

HIPAA training is mandatory for anyone who comes into contact with PHI. Who might this include? Insurance agents, doctors, employers who provide healthcare plans, dentists, nurses, human resource officers, receptionists, part-time employees/interns, and security personnel, among others. If your business associates also come into contact with PHI, they need to be properly trained, too. Don’t forget new employees! They must receive training soon after their start date. If policies and procedures change, update your materials and re-educate employees impacted by the changes.  

How to Document HIPAA Training

The Office for Civil Rights requires that you document all training each time you provide it to employees. If you’re ever audited and can’t provide documentation, you will be cited for a violation. Make sure you have proof of the privacy and security awareness education you have provided your employees by keeping sign-in sheets, signed statements acknowledging receipt of training, and computer-based records of completion or quiz results. HIPAA requirements for documenting training are covered in 45 C.F.R. §§ 164.316(b) and 164.530(j). [2]

How Often Should You Offer HIPAA Training?

Any person in your organization could be the cause of a HIPAA violation or a data breach, so offering training infrequently puts your organization in harm’s way. HIPAA requires that security awareness education be performed “periodically,” but it’s in your best interest to train often. The Office for Civil Rights suggests monthly security updates in the form of training, newsletters, email, posters, and discussions. Computer-based modules might be helpful, with additional training provided bi-annually. Annual or bi-annual sessions should be more in-depth and should cover new risks faced by organizations, as well as a recap of other pertinent HIPAA information.

Health insurance agents and brokers must also meet the requirements of the Gramm-Leach-Bliley Act (GLBA). This law requires annual education. Annual training will help these groups meet the requirements of both laws, in addition to protecting their business.

Total HIPAA offers everything you need to train employees. Our HIPAA Prime™ online solution includes an engaging series of video modules that provide detailed explanations, in-depth discussions, and real-world scenarios for your organization. Furthermore, we send quarterly updates and compliance reminders to make sure your staff is constantly up-to-date.

In essence, curiosity, fear, and urgency are the types of emotions criminals prey upon to pressure people into clicking links or downloading information that ultimately threatens your network. Reduce the chance that the PHI your company controls can be breached. Train everyone regularly.

  1. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  2. The HIPAA Security Rule 45 C.F.R. § 164.308(a)(5)(i)
