Training employees in HIPAA compliance should be frequent and include realistic situations, including scenarios in which they may unknowingly facilitate a breach, says Lani M. Dornfeld, JD, CHPC, an attorney with Brach Eichler in Palm Beach, FL.
After any breach, the Office for Civil Rights (OCR) asks about the frequency of compliance training and requests proof. Investigators often want to see training materials to assess the training's effectiveness, which influences settlement decisions.
In addition to working with clients on HIPAA issues, Dornfeld is the compliance officer for her law firm. She says this has helped her understand which training tactics are most effective. Dornfeld has found that clients who train staff only once a year have more trouble retaining good HIPAA habits.
People also respond better and retain more information when the training is live in person, or at least live online, rather than when they watch a video and take a quiz. The ability to ask questions is important.
Dornfeld’s team also sends short, periodic email blasts with updates about HIPAA compliance trends or emerging breach risks.
“I have many training initiatives for the firm throughout the year, and I encourage clients to do the same. We have the more formal live webinar training that everyone is required to attend, but that is not enough to counter the endless barrage of cybercriminals,” Dornfeld says. “We use additional training videos throughout the year, limiting them to five- or 10-minute videos that we cycle out to different people on different days of the month.”
The short videos produce better cooperation from staff than 20-minute videos, Dornfeld notes. She looks for videos that cover only one or two HIPAA topics at a time.
“People are willing to fit a five-minute video into their day. We look for videos that show them things they can relate to, such as what a phishing email really looks like when it lands in their inbox,” Dornfeld explains. “A longer webinar can cover a lot, but for these videos we’re looking for short, punchy illustrations with practical examples they can relate to in their work.”
SOURCE
- Lani M. Dornfeld, JD, CHPC, Brach Eichler, Palm Beach, FL. Phone: (973) 403-3136. Email: [email protected].