PRIVACY TRAINING PLAN - KATY SMATHERS
Download as PPSX, PDF
0 likes668 views
This document outlines the importance and requirements for healthcare organizations to conduct privacy training for employees and business associates. It discusses how federal regulations, such as HIPAA, require covered entities to provide training on privacy policies and procedures. It also notes that training should be provided initially during orientation and annually thereafter, with supplemental training for significant policy changes. The document recommends training be multi-modal, interactive, tailored to job functions, and include competency testing. It provides examples of topics that should be covered in privacy training programs.
PRIVACY TRAINING PLAN - KATY SMATHERS
- 1. KATHRYN SMATHERS MHA690: HEALTH CARE CAPSTONE DR. ROCKIE MCDONALD AUGUST 21, 2014 *
- 2. * * Critical to protect patients and practice. * Establishes shared understanding of expectations for employees & business associates * Adhere to federal requirements Health Insurance Portability and Accountability Act (HIPAA) Section 164.530 of the privacy rule states: A covered entity must train all members of its work force on the policies and procedures with respect to private health information required by this subpart, as necessary and appropriate for the members of the work force to carry out their function within the covered entity * In accordance with Joint Commission Standards Standard IM.1.20 Information security, including data integrity, is maintained. Wiedemann, 2010
- 3. * *Employees *Contractors *Volunteers *Affiliates *Students/Residents *Anyone else who are likely to have contact with protected health information
- 4. * *Provided to new hires during orientation or affiliation (first 2 days of employment/joining organization) *Continuing education annually (refresher course with competency exam) *Supplemental training provided within 30 days of any significant changes to material
- 5. * * Effective privacy training must be multi-modal and ongoing (Cline, 2010). All training should be interactive & eye catching to catch and maintain attention Tailor modules to individual job functions. Computer based training for core content/ in-classroom training depending on job function (i.e. Release of Information Staff, Management) Passing competency test required to document understanding Periodic e-mail reminders to all staff privacy protection campaign awareness & quarterly reminder messages Annual refresher courses with competency exam required
- 6. * *Description of different forms of sensitive information *Real life examples of sensitive information *Description of various locations of Private Health Information (PHI) (i.e. print, public conversation, computer applications, laptop computers & mobile devices, email, remote access, portable storage devices) *Definition of appropriate access (i.e. need-to-know basis)
- 7. * * HIPAA Privacy and Security Rules explanation * Description of unauthorized access * Real life examples of unauthorized access * Password management/workstation securement protocols * Clear description of employee/associate responsibilities * Disposal of PHI protocols * Suspected/known violation reporting process
- 8. * * Real life scenarios of information breaches & privacy violations * Description of penalties * Description of reporting process * Description of auditing process * Privacy Officer contact information * Printable job aid (easy to understand form of organizations Notice of Privacy Practices & potential violation reporting process
- 9. * Cline, J. (2010). Privacy Training Gone Awry. Computerworld, 44(3), 24. Weidemann, L.A. (2010, Nov). HIPAA privacy and security training (updated). American Health Information Management Association. Retrieved from: http://library.ahima.org/xpedio/groups/public/documents /ahima/bok1_048509.hcsp?dDocName=bok1_048509