Archive for HIPAA Staff Training

The HIPAA Omnibus Rule compliance date is less than a week away. Will your organization be ready to comply by September 23?

HCPro’s digital and print offerings make it easy to provide HIPAA training for your entire workforce. HCPro has been the leader in HIPAA education from the start, having trained more than 1 million of your peers to be HIPAA compliant.

Don’t delay—become HIPAA compliant today!

View HCPro’s HIPAA solutions. 

With less than two months to go before the HIPAA Omnibus Rule compliance deadline, many experts are taking the time to remind covered entities (CE) and business associates (BA) of what needs to be done by September 23.

According to an alert sent out by legal experts at Saul Ewing, LLP, there are five things that all CEs need to accomplish before the deadline:

  1. Update your notice of privacy practices
  2. Update your BA agreements (BAA)
  3. Update breach response policies
  4. Review and update your HIPAA manual
  5. Educate your employees

Additionally, the law firm’s alert advises BAs and subcontractors to make sure the BAAs they send to CEs are in compliance with the Omnibus rule. It may be necessary for BAs to revise policies and procedures to reflect the fact that they may be implementing agreements with subcontractors that are BAs, according to the alert. The firm advises CEs, BAs, and subcontractors to use August and early September as a time to double check that all their efforts comply with the Omnibus rule.

Remember the mistakes that cost Rite Aid Corporation and CVS Caremark Corp. millions for HIPAA violations? Disposing of pill bottles in public trash containers without shredding them?

They could have been avoided by simply enforcing HIPAA policies and procedures and providing ongoing staff training, experts say.

There is a right way to avoid a HIPAA violation here – and we show you the way in our new HIPAA/HITECH video.

HCPro, Inc.’s Privacy, Security and You: Protecting Patient Confidentiality Under HIPAA and HITECH, Second Edition is the updated version of our best-selling HIPAA training video that covers both privacy and security training.

Check out this clip about pill bottles, one of several case examples included in the video.

The DVD video also covers important HIPAA compliance matters such as:

  • Laptop security
  • Identity theft
  • Discussing PHI in hallways
  • E-mail encryption
  • Misdirected faxes
  • Family-member inquiries on PHI

If you want more information, go to the video’s page on our marketplace.

Thanks!

Dom Nicastro
Senior managing editor
HIPAA Update
dnicastro@hcpro.com

Cignet Health’s failure to cooperate with the government’s HIPAA privacy and security enforcer just cost the Maryland hospital system $3 million.

It cost the system another $1.3 million when it failed to provide patients copies of medical records within 30 (and no later than 60) days.

The message can’t be any clearer: when the Office for Civil Rights (OCR) knocks, answer the door.

About 48 hours after the Cignet news broke, OCR announced a $1 million settlement against Massachusetts General Hospital in Boston for an incident involving the loss of 192 patient records belonging to Mass General’s Infectious Disease Associates outpatient practice, including patients with HIV/AIDS.

Get it? It’s a crackdown.

One security officer who “got it” before Cignet’s landmark fine and settlement were announced is Greg Young.

Young, the information security officer at Mammoth Hospital in Mammoth Lakes, CA, has worked with OCR on about a handful of investigations.

“I never had the sense they were going to let me get away with anything,” Young says. “They were pretty demanding and yet always professional. At one point they reminded me that they have the last word. Though I thought I was cooperating, they wanted more details. I’m amazed that Cignet got away with as much as they did for as long as they did.”

One investigation involved a former employee of the hospital who claimed his medical records were accessed inappropriately. OCR’s investigation took about five to six months. Federal officials resolved that there was no such inappropriate access.

During the investigation, Young retained all his hospital’s communications between the former employee and OCR in an electronic file. He also kept the audit access logs on the employee’s medical records, copies of which OCR requested.

“It was reasonable, and I shared everything with them,” Young says. “We documented the incident report and the e-mail exchanges. I created an electronic folder and put copies of emails, phone calls and notes into it and had an investigative log in there that has the timeline of all related events. They wanted me to produce audits of the complainant’s record, and they ended up agreeing with us.”

Another OCR investigation with Mammoth involved a patient who claimed a co-worker should not have been allowed in the treatment room, though it could not be corroborated that the patient ever expressed that during the stay, Young says.

The end result came when OCR asked Mammoth to change its policies and procedures and be more proactive to ensure patients know they can refuse certain folks’ presence in their hospital room.

“OCR wants to see you are taking these things seriously,” Young says. “If you don’t, they don’t hesitate to inform you there are really going to be consequences.”

Today, Young is as proactive as ever about training. One big part is issuing commendations. In fact, he awards folks for good privacy and security practices by distributing one-page commendations to individual employees, their managers and human resources.

It’s little things like this that help employee morale – and help when OCR or state auditors come knocking.

“It’s great for the employees,” Young says. “And now, maybe they see that Greg is not just looking for the bad guys, he’s looking for the good guys, too. And we’re using the commendations as a tool for any regulatory agency that wants to audit us. It shows historically we encourage people to report things and then proactively respond by immediately addressing the risk before it becomes something reportable.”

First things first. I am not sending this clip to Hollywood in hopes that my acting talents as a laptop thief are noticed in time for the making of The Departed 2.

My day job will remain my day job – and that’s to write for HCPro, Inc. and HIPAA Update some HIPAA compliance news, tidbits, tips and now, the latest, a HIPAA training DVD video.

So along with my acting debut, I proudly unveil HCPro, Inc.’s Privacy, Security and You: Protecting Patient Confidentiality Under HIPAA and HITECH, Second Edition. It is the updated version of our best-selling HIPAA training video that covers both privacy and security training.

One of the best ways to train staff is to show them the right and wrong way to do their job. And that’s what our DVD video does.

Check out this clip to see what I mean.

If you want more information, go to the video’s page on our marketplace.

Thanks!

Dom Nicastro
Senior managing editor
HIPAA Update
dnicastro@hcpro.com