HIPAA Compliance: Focus on Training

HHS Ramping Up Education Efforts

May 1, 2013

The Department of Health and Human Services, in its auditing and enforcement activities, has confirmed that a lack of training is a common cause of HIPAA compliance difficulties. So it's taking several steps to help.

This week, HHS unveiled several new online tools to educate healthcare providers and consumers about the HIPAA security and privacy rules. It also plans to issue guidance to assist healthcare organizations and business associates with HIPAA Omnibus Rule compliance. And it's considering calling attention to the need for HIPAA compliance training in Stage 3 of the HITECH Act's electronic health record incentive program.

New Resources

Among the new HIPAA educational tools that HHS' Office for Civil Rights unveiled this week are:

  • A series of fact sheets in eight languages to inform patients of their rights under HIPAA - and additional rights under HIPAA Omnibus;
  • A training module, "Patient Privacy: A Guide for Providers," available on Medscape.org, which makes physicians and other healthcare providers eligible for free continuing education credits;
  • A video, The HIPAA Security Rule, designed to provide smaller physician group practices with an overview of basic safeguards for protecting patient information and complying with the rule's requirements. Earlier this year, OCR released a series of videos targeting consumers that focus on various aspects of HIPAA.

The new resources are part of a larger HHS mission to raise overall awareness and understanding of HIPAA by patients and healthcare providers, says Rachel Seeger, an OCR information privacy outreach specialist.

Guidance Coming

In addition to the new tools unveiled this week, OCR plans to release a variety of guidance materials to help healthcare organizations and business associates comply with provisions of the HIPAA Omnibus Rule, including its updated breach notification rule, Seeger says. The HIPAA Omnibus guidance material will be released "before end of September if not sooner," she says (see: HIPAA Omnibus: Guidance Coming).

OCR's upcoming HIPAA Omnibus guidance will include "frequently asked questions" and technical assistance covering a variety of topics, Seeger says.

Because OCR receives many inquiries about HIPAA Omnibus compliance from smaller providers, it plans to address their concerns in upcoming guidance material, she says (see: HIPAA Omnibus: Tips for Clinics).

Earlier, HHS released other HITECH Act and HIPAA educational materials, including mobile security guidance, a sample business associate agreement and HIPAA risk analysis protocol.

The HIPAA Omnibus Rule went into effect March 26, but covered entities as well as their business associates have until Sept. 23 to comply.

Stage 3 Spotlight

In addition to OCR's efforts to offer HIPAA training, another unit of HHS is looking into ways to boost compliance education efforts among healthcare providers.

The Office of the National Coordinator for Health IT is in the early stages of devising rules for Stage 3 of the HITECH Act's electronic health record incentive program, slated to begin in 2016. In early discussions about Stage 3 requirements, the HIT Policy Committee's Privacy and Security Tiger Team, which advises ONC, is weighing whether the Stage 3 rules should highlight the importance of HIPAA training.

At an April 30 meeting, tiger team members discussed "spotlighting" in the Stage 3 meaningful use regulations the training requirements in the HIPAA Security Rule. That's because inadequate HIPAA training is one of the key deficiencies OCR has discovered in its enforcement actions, says Deven McGraw, tiger team chair.

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec
