If your organization handles personal medical information, you and your staff must keep up to date. The federal Health Insurance Portability and Accountability Act (HIPAA) created standards for releasing sensitive patient health information. When was the last time employees handling this data learned about its requirements? When they were hired? If so, has there been any training since? We think it is a great idea to offer a refresher to all of your employees so they have the opportunity to give input into office procedures to stay compliant.
The Only Thing That’s Constant is Change
HIPAA is a law enforced by the US Department of Health and Human Services (HHS), which issues rules and regulations. Government agencies can change regulations and rules over time. Do your practices still comply with the law and applicable regulations?
Congress can change HIPAA like any other law. Courts also interpret the law in cases where what it means or how it’s applied is at issue. If you search Google Scholar’s database of federal court decisions, you’ll find 237 that mention “HIPAA” just in 2022. Might one or more apply to you? A midyear refresher with your staff would be a great idea. They may think they know the law, but they could misunderstand it and make mistakes without realizing it.
HIPAA Requires Ongoing Training
HIPAA’s Privacy Rule covers the use and disclosure of individuals’ protected health information by those subject to the rule (individuals and organizations considered “covered entities”). Those entities include healthcare providers, health plans (including health insurers and health maintenance organizations), healthcare clearinghouses (entities that process healthcare information), and business associates (a person or organization using or disclosing information to perform a function or service for a covered entity).
This rule was enacted in 2003. Its goal was to establish national standards for maintaining medical records so electronic medical records (EMRs) would be adopted by 2020. That hasn’t happened. The same general standards for EMRs apply to paper documents.
HIPAA’s Security Rule also applies if your organization is a covered entity. Part of it (45 CFR § 164.308(a)(5)) covers training. HHS explains its Security Awareness and Training standard that covered entities must, “Implement a security awareness and training program for all members of its workforce (including management).” Part of HIPAA’s required security is the destruction and secure disposal of medical records and other documents with personal health information.
Security training for all covered entity employees was required by the rule’s compliance date (April 20, 2005, for all covered entities except small health plans which had until April 20, 2006). New hires need training, and periodic retraining should be given when changes affect the security of protected health information. Changes may be to the Security Rule, new or updated procedures, or policies.
Not only can we dispose of documents containing medical information, but we can also provide you with HIPAA training.
Comply with HIPAA and Prevent the Consequences That Can Come With Violations
You don’t want to face potential fines and the bad publicity that will come when medical records are discovered in your dumpster. You may also deal with irate patients complaining that you violated their privacy on social media.
We all want our personal data kept safe. We’re more likely to work with companies and medical practices that keep our records safe and properly dispose of them when they’re no longer needed. The same is true for your clients, customers, and patients. TITAN works with you to determine your needs and to provide an easy, affordable method to keep you in compliance with HIPAA and other laws. Contact us today at (215) 766-3480 or (866) 848-2699.
