Here’s a New Year’s resolution for you: Train your staff about HIPAA privacy rules. Here are three good reasons for doing this:
- It’s required by state and federal law. Since September 2012, Texas law requires HIPAA training — customized to each employee’s scope of employment — within 60 days of hiring an employee and every two years thereafter. Indeed, HIPAA has required employee training since 2003 “as necessary and appropriate for them to carry out their functions,” within a reasonable time after hiring, and updated as needed. Be sure you document the training and keep signed attendance records.
- It’s good defense in the case of an audit. A federal pilot audit by the U.S. Office of Civil Rights (OCR) now under way indicates that HIPAA privacy compliance among covered entities is less than 30 percent; a full-blown audit program may follow. Regarding the pilot, the American Bar Association’s Health Law Section reports, “OCR, via its auditors, has made it clear that the general theme of the audits is ‘show me your written policy, and show me you followed it.’”
- It’s good insurance against privacy violation complaints, or against stiff sanctions if a slip-up in your practice occurs. If your practice has written policies and procedures, and your staff understands and follows them, a privacy violation is unlikely to occur. OCR does investigate complaints. And they don’t come only from patients. One practice compliance officer warns that disgruntled or former practice staff members have been known to report the practice’s negligent privacy practices. For example:
  - Do you still include protected health information (PHI) on your sign-in sheets? If you want to collect this information at sign-in, you should use peel-and-stick labels.
  - Do you enforce a policy whereby anyone working with PHI paperwork puts it away when stepping away from it, even to grab a cup of coffee or an incoming fax? It should go into a drawer or envelope as long as it is unattended.
TMA can help you get rolling on your New Year’s training resolution. Our new suite of three live lunch-hour training webinars with Q&A can give you a firm underpinning for training your whole staff. We’ll offer the series in December and again next spring.
Dec. 11 — Complying With HIPAA and Texas Privacy Laws. This overview is for physicians, HIPAA compliance officers, office managers, and other staff interested in risk management and regulatory compliance.
Dec. 12 — HIPAA for Nonclinical Staff. This trains staff working in the business side of your practice and HIPAA compliance officers.
Dec. 13 — HIPAA for Clinical Staff. This training is for clinical staff, billers/coders, and HIPAA compliance officers.
Along with your registration for each of these webinars, you will receive:
- A series of discussion questions you can use to complete the custom training for your employees after they’ve heard the webinars.
- HIPAA and Texas law compliance tools: a risk assessment checklist, an updated sample business associate agreement, an updated Notice of Privacy Practices, a checklist for creating a records release authorization form, and an employee privacy training signature sheet.
Register now for the December webinars.
Remember, TMA's Policies and Procedures: A Guide for Medical Practices is HIPAA- and Texas privacy law-compliant and customizable. Be sure to use the tools and forms in the guide to create your custom policies and procedures manual.
And if you have questions, contact the TMA Knowledge Center at (800) 880-7955 or firstname.lastname@example.org.
Published Nov. 29, 2012