The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) (collectively, HIPAA) obligate nearly all healthcare providers to protect the confidentiality of patient health information. The HIPAA Privacy Rules require so-called “covered entities” to train staff on HIPAA compliance at the start of employment and periodically thereafter. Unfortunately, many covered entities buy a canned HIPAA manual on the Internet, put it in a binder, and place it on a shelf without ever training staff on its contents. Over the past several years, the federal agency tasked with enforcing HIPAA, the Office of Civil Rights (OCR), has significantly ramped up its audit activity and new multi-million dollar HIPAA settlements are announced each day. When investigating covered entities, OCR inquires whether covered entities have trained staff and asks for proof of same.
To help covered entities comply with their mandatory training obligations and avoid substantial fines or penalties, Sheehan Phinney’s Healthcare Group has developed a HIPAA training program for staff of all levels who must be trained, or refreshed, on HIPAA-compliance measures.
The program covers:
- Privacy Rule
- Security Rule
- Breach Notification Rule
- Other important HIPAA concepts such as the minimum necessary rule, business associate agreements, family right of access to PHI, and much more.
Our program is grounded in real world examples, and we answer staff questions on pervasive problems or issues. We give each participant a certificate of completion to be placed in their employment file as evidence of attendance in case of audit by OCR. Moreover, we offer a corresponding “train the trainer” session, so that facilities and practices can repurpose the presentation and use it to train staff on an ongoing basis.
If a facility or practice is also a covered substance use disorder program under 42 C.F.R. Part 2, we can train staff on Part 2 obligations, and the interrelationship between HIPAA and Part 2, as applicable.
Finally, for an additional fee, we can prepare a HIPAA Policies and Procedures Manual if a facility or practice has not implemented policies and procedures to date. We can also help conduct the required HIPAA Risk Assessment.
We offer these programs and materials for flat fees. If interested in learning more about these programs and materials, please contact Jason Gregoire at (603) 627-8154 or jgregoire@sheehan.com