This slideshow was made based off of an article that we had to read for a Health Care Administration Capstone class. We were to discuss how we, as managers, would implement HIPAA trainings to employees to avoid breaches.
2. HIPAA stands for Health Insurance Portability and
Accountability Act
It was established in 1996 and passed by the U.S. Congress
HIPAA regulations include four main components:
◦ Establishes limits for appropriate use and release of
healthcare information
◦ Provides individuals with more control over their health
information
◦ Requires the majority of healthcare providers and their
agents to comply with safeguards to protect individual
privacy related to healthcare information
◦ Delineates a set of civil and criminal penalties holding
HIPAA regulation violators accountable if the patient’s
confidential healthcare privacy is compromised (p. 20).
Source: HIPAA -- the health insurance portability and accountability act: what RNs
need to know about privacy rules and protected electronic health information.
(2011). National Nurse, 107(6), 20-27
3. After HIPAA was passed, The Department of Health
and Human Services (HHS) established the Privacy
Rule
The Privacy Rule further clarified information that
pertained to HIPAA
5 key principles to the Privacy Rule:
◦ Consumer control
◦ Setting of boundaries
◦ Accountability
◦ Public responsibility
◦ Security (p. 390)
Source: Wolper, L. (2011). Health care administration: Managing organized
delivery systems. Sudbury, MA: Jones and Bartlett Publishers
4. HIPAA trainings should be conducted annually by all
employees
Employees should be emphasized about the
importance of HIPAA trainings and how it is an
ethical obligation to follow HIPAA guidelines
Health care organizations, such as UCLA Medical
Center, should have a HIPAA committee and a
training/education committee
Employees should also be aware of the implications
and ramifications of HIPAA violations and their jobs
5. Legacy Health System has over 5,000 employees to
train in HIPAA and need to save thousands of hours in
training all these individuals while also saving money
Classroom training would require a lot of time and
money for managers, so an education committee
established an online HIPAA forum
“Legacy initiated its HIPAA training in January 2003; in
six weeks, 6,000 employees were trained, and their
whole organization was complete inside of two months”
(p. 32)
Online HIPAA training also cut down on hours in training
and costs; “Legacy paid for 4,000 employee hours
instead of 18,000” (p. 33)
Source: Blair, R. (2003). HIPAA Training Comes of Age. Health
Management Technology, 24(7), 30-33
6. The first step in the HIPAA training process is to define
HIPAA
Next, managers need to make sure that their employees
understand that there is not just HIPAA that protects
patient privacy, but there is also the Privacy Rule
Employees need to understand the implications and
ramifications of HIPAA violations and managers need to
remind their employees that fines and loss of their job
are possible there are HIPAA violations
Finally, management needs to take a page out of the
Legacy Health System book and implement an online
training system to ensure that all employees are
receiving the proper training, while also saving the
organization time and money