This document outlines the requirements for HIPAA compliance training for UCLA staff. It states that staff must be trained on maintaining patient privacy, protecting health information, and reporting any violations. Training must be provided upon hiring, annually, and whenever policies are updated. It also details specific topics to cover including HIPAA rules, safeguarding oral, written and electronic protected health information, and consequences for non-compliance. Documentation of all training is required.

2.  Ensure that the right health information is
flowing to the right people at the right
time.
 Ensure staff know the importance of
keeping patients’ protected health
information (PHI) private & secure at all
times.
 Provide appropriate workforce training
to build & maintain a culture of
compliance with HIPAA Rules

3.  HIPAA Education
 UCLA Policies & Procedures (HIPAA)
 Staff Training
 HITECH Act of 2009 & Enforcement
 Safeguarding Information: What can you
do?
 Protecting Electronic Information
 Report any violations you witness

4.  HIPAA Education
 Privacy Rule Provisions
 Use and disclosure
 Minimum Necessary Rule
 Patient authorization
 Notification of Privacy Practices
 Who are business associates?
 Each staff member must be given a copy
of the privacy & security policies
 Each & every staff member must sign for their
copy as proof they received the policies
 Each staff member must understand his or her
privacy & security responsibilities

5.  Consequences for non-compliance
 Actions will range from further training to
dismissal/termination
 How HIPAA affects you
 Managers must establish importance of health
information privacy
 Everyone at UCLA should see themselves as
responsible for privacy & security of health
information
 Make privacy part of the daily operation
 Create a culture of compliance
 Treat PHI as you would treat the patient

6.  Training Sessions staff must attend &
complete
Upon hiring
Training based on job requirements
As policies are updated or changed – UCLA
& state & federal
Annual compliance training
 Document all training
Who received training?
When?
What did the training include?

7.  HITECH Act of 2009
Health Information Technology for Economic
and Clinical Health Act (HITECH) gave
Department of Health and Human Services
(HHS) greater authority when imposing civil
money penalties for HIPAA violations
 Penalties
$1.5 million: maximum penalty per year per
violation
States may also pursue civil actions

8.  All UCLA staff members & volunteers are
obligated to maintain a patient’s privacy &
safeguard protected health information
Safeguards to use in your daily activity:
 Oral communication – discussions on need-to-
know basis
 Photocopiers – do not leave copier when making
copies
 Fax machines – only fax information if absolutely
necessary
 Disposal of confidential information – only in
appropriate designated containers

9.  Staff must take actions to ensure that health
information that is stored electronically is secured
against unauthorized access.
 Create complex passwords & protect your
password
 Protect your computer from viruses – do not open
attachments from unknown sources
 Appropriate use of email – proper use will prevent
accidental disclosures of PHI
 Take precautions to protect confidential
information when printing
 Only use the Internet in a way that does not violate
UCLA policies
 Only store confidential information & PHI on
network shared drives

10.  Immediately report inappropriate use of
patient information.
If you fee that a patient’s privacy or
confidentiality has been violated, you are
obligated, as an employee of UCLA, to
report it to your manager or the privacy
officer.
 If you wish to remain anonymous, you
can call:
UCLA HIPAA Program Office
Compliance Helpline

11. Barten, L. (2013). HIPAA employee training requirements.
Retrieved from http://smallbusiness.chron.com/hipaa-
employee-training-requirements-2013.html
Department of Health and Human Services (HHS). (2013,
January 25). Federal register, 78(17). Retrieved from
http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-
01073.pdf
McKay, M. (2013). Employee HIPAA training. Retrieved from
http://smallbusiness.chron.com/employee-hipaa-training-
696.html
Rodriguez, L. & Pitts, J. (2013, June 23). HIPAA and you:
Building a culture of compliance [Powerpoint
presentation]. Retrieved from
http://www.medscape.org/viewarticle/762170_transcript
UPMC Horizon. (2010, February). HIPAA privacy & security
awareness training for students. Retrieved from
http://www.upmc.com/locations/hospitals/horizon/career
s/Documents/hippa-training.pdf