4. PROPOSED TOPICS:
Review of the various aspects of the HIPAA Privacy and Security Rules, and guidelines
for protecting identifiable health information in patients’ medical records
Overview of the healthcare organization’s privacy requirements:
Patients are required to authorize disclosure of their protected health information.
Patients must be notified about the privacy practices of the healthcare
organization and their rights to their information (Solove, 2013).
Employees are required to report/disclose any potential data breaches.
The organization's social media protocol.
How to use security technology when accessing patient information on mobile
devices and unencrypted laptops (Solove, 2013).
The organization’s required use of secure Cloud servers (Rodrigues, de la Torre,
Fernández, and López-Coronado, 2013).
The punishment and penalties the organization will issue when violations occur.
Case Studies targeted at specific departments citing privacy issues and data breaches.
5. ENSURING EFFECTIVENESS
Training will be part of new employee orientation for all new hires.
Training will be offered in a face-to-face and virtual format.
Testing will be conducted after training is completed with the expectation of a 100%
score. Employees will be offered 3 attempts to achieve a 100% score.
Training will offer customized content for the various departments within the organization
(e.g. IT, billing, customer service, etc.)
The organization's program will include the Office for Civil Rights (OCR) “Patient
Privacy: A Guide for Providers” educational program, which allows providers and health
care professionals to receive Continuing Medical Education (CME) and Continuing
Education (CE) credits (U.S. Department of Health and Human Services, n.d.).
Annual training will be required for all employees of the healthcare organization, with
first priority being those who have access to patient information.
Additional training sessions will be held to enhance employee knowledge and
compliance when new developments occur that could pose a threat to patient privacy.
6.
Rodrigues, J. J., de la Torre, I., Fernández, G., & López-Coronado, M. (2013). Analysis of the security and privacy requirements of cloud-based electronic health records systems. Journal of Medical Internet Research, 15(8).
Solove, D. J. (2013). HIPAA turns 10: analyzing the past, present, and future impact. Journal of AHIMA, 84(75), 22-28.
U.S. Department of Health and Human Services. (n.d.). Helping Entities Implement Privacy and Security Protection. HIPAA Training & Resources. Retrieved from http://www.hhs.gov/hipaa/for-professionals/training/index.html