Home » Security Bloggers Network » How to satisfy HIPAA awareness and training requirements

How to satisfy HIPAA awareness and training requirements

by Karen Walsh on December 17, 2019

Introduction

While data privacy and security regulations abound, few bring the same number of frustrated groans from IT departments as the Health Insurance Portability and Accountability Act (HIPAA).

The acronym “HIPAA” sounds a lot like the word “hippo.” In many ways, the connection between the two is an excellent way to think of the regulation. Hippos are highly aggressive and unpredictable, making them some of the world’s most dangerous animals. Similarly, HIPAA is a highly aggressive regulation, one that includes heavy fines and jail time. Just as you would teach someone going on a safari to steer clear of hippos, you need to educate your staff according to the HIPAA training compliance requirements to protect patient data.

What are the HIPAA training requirements?

The regulatory morass known as “HIPAA” imbeds training in two small sections of two rules. Similar to the rest of the law, the training requirements are equal parts prescriptive and vague.

According to the HIPAA Security Rule Administrative Safeguards, all covered entities must annually train all workforce members and document said training. The training and documentation must:

Sponsorships Available

Be provided to all workforce members by the annual compliance date
Be provided to new workforce members within a “reasonable period” after joining the workforce
Be updated if a material change in policies or procedures occurs and then given again to align with the changes
Be retained for at least six years

The HIPAA Privacy Rule Administrative Safeguards provide a bit more detail to help you understand the information that needs to be in the training. The specifications include: