
Staff training (HIPAA privacy rules)


Q: Does HIPAA require a certain kind of staff training?

A: Yes. Any staff member who handles—or comes into contact with—medical information must be trained to understand both the general privacy requirements and the specific ways they're implemented in your practice. How you reach this goal, if you haven't reached it already, is up to you. For example, you could buy a HIPAA compliance guide (many state and county medical societies make these available) and ask your staff to read it, along with your own policies and procedures manual. You could also send staff members to HIPAA seminars. Whatever method you employ, be sure to document all steps you take to train staff members.

Q: Once these elements are in place, what other steps do I need to take to be HIPAA compliant?

A: The administrative requirements discussed above only address HIPAA's privacy regulations. On Oct. 16, 2003, another set of standards—which regulate the transmission of electronic claims and other transactions—also took effect. Fortunately, CMS has devised a temporary contingency plan for accepting noncompliant transactions. If you show you're working toward compliance, you can continue to use existing formats. How long this de facto extension will last is anyone's guess, so you need to move toward compliance. Beginning in 2005, you will also need to comply with HIPAA's Security Standards, which define the administrative, physical, technical, and other steps practices must adopt to maintain patient privacy and confidentiality.
