Private Duty

Q&A: Job-specific HIPAA training

Q: As we look forward to 2021, we’re looking to utilize the most up-to-date HIPAA training strategies. I am responsible for training clinical and clerical staff annually. Do you have any recommendations for job-specific HIPAA training?

A: HCPro and TeachPrivacy, among others, are solid training provider vendors. They work to keep their training accurate and current. Annual or on-hire training is not the place to stop, though. To be effective, training needs to be ongoing. There are a number of great free posters and flyers on the internet you can use to educate staff that are fun and get the point across. You can use staff meetings, company newsletters, emailed security reminders, and other vehicles to keep the message in front of staff.

One tip mentioned during a recent cybersecurity webinar is to make the training personal. This is a matter of reminding staff that breaches are expensive, can harm the patients they are treating or assisting, and can lead to staff not getting that annual raise because the money was spent on paying to recover from a cybersecurity incident. Also, focusing on staff’s personal lives can be helpful. If you inform them of ways to protect their own financial information and other data, there is a good possibility that they will take greater care to protect both their information and patients’ PHI.

Editor’s note: Chris Apgar, CISSP, is president of Apgar & Associates LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.