Does HIPAA require a certain kind of staff training?
Q: Does HIPAA require a certain kind of staff training?
A: Yes. Any staff member who handlesor comes into contact withmedical information must be trained to understand both the general privacy requirements and the specific ways they're implemented in your practice. How you reach this goal, if you haven't reached it already, is up to you. For example, you could buy a HIPAA compliance guide (many state and county medical societies make these available) and ask your staff to read it, along with your own policies and procedures manual. You could also send staff members to HIPAA seminars. Whatever method you employ, be sure to document all steps you take to train staff members.
Q: Once these elements are in place, what other steps do I need to take to be HIPAA compliant?
A: The administrative requirements discussed above only address HIPAA's privacy regulations. On Oct. 16, 2003, another set of standardswhich regulate the transmission of electronic claims and other transactionsalso took effect. Fortunately, CMS has devised a temporary contingency plan for accepting noncompliant transactions. If you show you're working toward compliance, you can continue to use existing formats. How long this de facto extension will last is anyone's guess, so you need to move toward compliance. Beginning in 2005, you will also need to comply with HIPAA's Security Standards, which define the administrative, physical, technical, and other steps practices must adopt to maintain patient privacy and confidentiality.