While data privacy and security regulations abound, few bring the same number of frustrated groans from IT departments as the Health Insurance Portability and Accountability Act (HIPAA).
The acronym “HIPAA” sounds a lot like the word “hippo.” In many ways, the connection between the two is an excellent way to think of the regulation. Hippos are highly aggressive and unpredictable, making them some of the world’s most dangerous animals. Similarly, HIPAA is a highly aggressive regulation, one that includes heavy fines and jail time. Just as you would teach someone going on a safari to steer clear of hippos, you need to educate your staff according to the HIPAA training compliance requirements to protect patient data.
What are the HIPAA training requirements?
The regulatory morass known as “HIPAA” imbeds training in two small sections of two rules. Similar to the rest of the law, the training requirements are equal parts prescriptive and vague.
According to the HIPAA Security Rule Administrative Safeguards, all covered entities must annually train all workforce members and document said training. The training and documentation must:
Be provided to all workforce members by the annual compliance date Be provided to new workforce members