The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

More Than 50% of Healthcare Employees Fail a HIPAA Assessment, New Data Reveals

Businesses in the healthcare sector have a responsibility to minimise the risks of HIPAA violations, for the sake of their patients, staff and the organization as a whole.

One way in which organizations can mitigate internal breaches is by ensuring that staff receive regular HIPAA training. However, the number of internal breaches recorded each year would suggest that more needs to be done to ensure employees are HIPAA compliant.

To investigate the standards of HIPAA training in the healthcare sector, The HIPAA Journal researchers have examined HIPAA assessment fail rates, the percentage of staff who have witnessed HIPAA violations, and how frequently training is being conducted in 2023.

How many employees working with PHI fail a HIPAA assessment?

More than half of employees working in the healthcare sector fail a HIPAA assessment.

These figures have been exclusively shared with The HIPAA Journal by ComplianceJunction, who continuously conduct HIPAA awareness assessments for healthcare organizations to determine whether their staff understand HIPAA.

The data suggests that more than 50% of staff working with PHI do not have a comprehensive understanding of HIPAA regulations, and therefore require more training.

More than half of employees working with PHI fail a HIPAA assessment

Which area of HIPAA training sees the highest fail rates?

During a HIPAA assessment in 2023, the most common areas of failure are:

  • HIPAA Violation Consequences – 66% fail rate
  • HIPAA and Social Media – 61% fail rate
  • Computer Safety Rules – 61% fail rate
  • HIPAA in Emergency Situations – 54% fail rate

“HIPAA Violation Consequences” was found to be the most common area of failure within HIPAA assessments, according to the data provided by ComplianceJunction.

Anyone working with PHI must be aware of the consequences of violating HIPAA standards, for many reasons. Primarily, a lack of understanding of the significant repercussions implies that the individual is unaware of the weight and importance of protecting PHI.

A HIPAA violation can have personal implications, which staff must be made aware of.

HIPAA Training Survey

How often do staff in the healthcare sector witness HIPAA violations?

More than two thirds (67%) of staff have witnessed a suspected HIPAA violation, according to The HIPAA Journal’s recent survey of 245 employees who work in the healthcare sector.

The most common types of HIPAA violations that staff believe they have witnessed were found to be:

  1. Failure to log off – 56%
  2. Unauthorised access – 49%
  3. Gossip – 43%
  4. Snooping – 41%
  5. Improper disposal of records – 39%
  6. Lack of employee training – 36%
  7. Sharing passwords – 34%
  8. Unauthorised release of records – 32%

Staff perception on HIPAA violations

Why do employees violate HIPAA regulations?

According to the survey data, employees believe that the main reasons that staff violate HIPAA are:

  1. Lack of knowledge – 35%
  2. Lack of care – 31%
  3. Lack of regular training – 14%

Although the data reflects staff opinions, it indicates that employees themselves are aware that HIPAA compliance standards are not where they should be, and many believe that infrequent training is a leading cause of HIPAA violations.

How often do staff receive HIPAA training?

The majority (74%) of staff receive training annually, according to the survey data. Providing training at least annually is considered to be best practice; however, the aforementioned assessment fail rates indicate that organizations should be more proactive in assessing the need for more frequent internal training.

Out of the survey participants, one in ten did not receive HIPAA training within the first three months of their role. This is a legal requirement, according to The HIPAA Privacy Rule.

Similarly, 5% of staff in the healthcare sector only received HIPAA training once, which was when starting their job. Regular HIPAA training is key to ensure compliance standards are met.

How frequently do staff receive HIPAA training?

Summary

It is the responsibility of any organization in the healthcare sector to ensure that staff receive regular HIPAA training. Regular training improves employees’ confidence and understanding of HIPAA regulations, in turn helping to minimise internal violations.

However, it appears that more regular HIPAA training needs to be undertaken in the healthcare sector, based on the high HIPAA assessment fail rates and staff reporting witnessing internal breaches.

Organizations should assess their staff to gain a comprehensive understanding of how well employees currently understand HIPAA, to ensure that they are providing training frequently enough for the needs of their workplace.


Methodology

Assessment data was provided by ComplianceJunction, who run regular HIPAA awareness assessments for healthcare organisations. Survey data was collected in October 2023, and reflects 245 participants who work in the healthcare sector.
