The Benefits of HIPAA Virtual Training
HIPAA virtual training – online or software-based training rather than instructor-led training – can be one of the most cost-effective ways of improving HIPAA compliance among your employees, but it can also be one of the most expensive.
HIPAA virtual training allows employees to absorb subject matter at their own pace, the training material is always available, and its content can be customized remotely to suit an individual’s or organization’s specific needs.
Similarly, the training material can be updated by the online trainer or software provider to reflect changes in laws, technology or working practices; and there is usually some sort of human support available to answer any questions.
However, nobody is ever going to become HIPAA-compliant by watching a $20 training video for thirty minutes. Even if the $20 course comes with a certificate at the end of it, all the certificate proves is you watched a video. The certificate will not help you avoid a fine for a breach of PHI – which is a likely event if your HIPAA training lasted as long as an episode of the Big Bang Theory!
What HIPAA Virtual Training Should Consist Of
HIPAA virtual training should cover every element of the HIPAA Rules and HITECH Act requirements that affect how a Covered Entity or Business Associate uses PHI in their possession. In order to remain relevant to employees in different roles, HIPAA virtual training should follow the hub and spoke model – i.e. general training for all, complemented by specific training for those to whom it is relevant.
The key aspects of HIPAA and the HITECH Act that should be covered by general training are indicated below, with more detailed information available in our HIPAA Compliance Guide.
Elements of HIPAA to Cover in a Virtual HIPAA Training Course
| HIPAA Overview | Patient Rights | Safeguarding ePHI | Consequences of HIPAA Violations |
| Why HIPAA is Important | HIPAA Rules on PHI Disclosures | HIPAA and Social Media | The HITECH Act and HIPAA Omnibus Rule |
| HIPAA Definitions | HIPAA Security Rule | HIPAA in Emergency Situations | HIPAA Breach Notifications |
| HIPAA Privacy Rule | Threats to Patient Data | Preventing HIPAA Violations | Recent HIPAA Updates |
The U.S. Department of Health & Human Services has also published a selection of general training materials and resources on its website. More specialized areas of HIPAA virtual training would likely include:
- Privacy, security, administrative, physical, technical, and device risk assessments.
- The implementation of administrative, physical and technical safeguards.
- The development of HIPAA-compliant policies and procedures.
- How to identify, report and manage breaches of PHI.
- Business Associate Agreements and due diligence.
There is No Officially-Sanctioned HIPAA Training Course
Although HIPAA training is mandatory (see 45 CFR §164.308 & 45 CFR §164.530), the Department of Health & Human Services provides no guidance concerning what should be included in any training – leaving each Covered Entity and Business Associate to organize a suitable and relevant program.
Furthermore, the HHS clearly states on its website that there is no officially-sanctioned training course, no officially-sanctioned HIPAA certification, and no company officially-sanctioned to certify HIPAA compliance. “Such certifications,” its website reads, “do not absolve covered entities of their legal obligations under the Security Rule”. The same applies to Business Associates and sub-contractors.
However, having undergone a HIPAA virtual training course may mitigate a fine for a breach of PHI or failing an audit. That may depend on the nature of the training course, whether or not it is ongoing, and whether or not the lessons learned in the training course have been put into practice. For this reason, HIPAA virtual training is best followed by a HIPAA virtual audit.
What is a HIPAA Virtual Audit?
A HIPAA virtual audit is like an end-of-term test. Training professionals with knowledge of the HIPAA audit procedures review an organization’s progress through the course and the policies and procedures that have been developed. They point out where there are gaps in the organization’s HIPAA compliance and suggest remedies in order to avoid potential fines if the organization is physically audited.
Like HIPAA virtual training, a HIPAA virtual audit is an ongoing process. After suggesting what action should be taken to fill gaps in the organization’s HIPAA compliance, the training professionals review the organization’s operations and policies every six months. The HIPAA virtual audit helps ensure organizations maintain their progress toward HIPAA compliance with rolling project plans.
Also like HIPAA virtual training, HIPAA virtual audits are not officially sanctioned by the Department of Health & Human Services. Nonetheless, having somebody with knowledge of the auditing procedure review your compliance efforts and identify areas which need more attention can be valuable in preventing a breach of PHI and any subsequent fine – certainly a more cost-effective way to achieve HIPAA compliance than making your employees watch a thirty-minute video during their lunch breaks.