2. Training
While there is no guarantee within an
organization that all employees will honor
confidentially in the workplace, legally providing
training in this area can assist with an liability.
There are several method of training that can
assist with providing adequate training and
follow up for sustainability.
3. It is the responsibility of the organization to train all staff on patient confidentiality. The standard “I didn’t know” is no longer
accepted as a reasoning to expose private health information. The HITECH Act has now made this a priority. As noted, “Employees
who violate the rules because they don't know them make inviting targets for new enforcement initiatives under the Health
Information Technology for Economic and Clinical Health (HITECH) Act.The lesson for all offices is to train employees on
HITECH and on new and existing Health Insurance Portability and Accountability Act (HIPAA) rules. It is imperative to understand
the penalties for workforce mistakes and the effects it could have on your practice and your staff.”(Salz, 2013)
Some key areas to focus your employee training on is privacy, security, unsecured breaches,HIPAA rules and regulations. Also
providing an understand of how these rules and regulations affect your organization and their employment is critical. With the new
ways of training, many organizations are utilizing online systems that can monitor the completion of the training and test the
employee at the end. This has be most successful due to having documentation of keystrokes, quizzes and a final test for employees
as proof of successful completion; done annually, during the first 30 days of hire and with any IT upgrades.
Notifying employees of any changes to privacy rules and new security measures is also prevalent in order to stay compliant as an
organization and provide ongoing training. The follow key areas should be the focus of training:
● PHI
● HITECH Act
● HIPAA
● Passwords
● Sharing Patient Care Information
● Personal computer usage with company equipment
● Social Media and Patients
4. There is also another area that needs to be addressed. With the new “Cloud” technology, organizations need to make decisions
about advanced IT purchases. This type of investment can allow more breaches in security and provided more avenues for not
only clinically staff to be susceptible to privacy breaches, but IT and computer hackers can also have privy to patient care
information. As noted, “Patient information in the electronic realm is information that is vulnerable. The efficiencies and
clinical supports made possible by the electronic use and sharing of medical data come with a whole new set of threats,
medical identity theft among them. Health systems that choose to migrate their information technology services to the
universe of virtual computing-the cloud-will face still other security challenges.”(Birk, 2013) With this in mind, continuous
training is essential as an organization makes decisions to upgrade any Healthcare IT systems. The best way to handle this is
seeing IT and privacy and security as one in the same.
Ultimately, each organization, based upon size and organizational structures need to decided the best method of training.
However, what is important is to make sure training is provided continuously and with a system that will provide whether the
employee has understood the laws.
5. References
Birk, S. (2013). Protecting patient medical data: The C-suite's role. Healthcare Executive, 28(5), 20-2, 24, 26 passim.
Salz, T. (2013). HIPAA: Training critical to protect patients, practice. Medical Economics, 90(18), 43-44,47.
