HIPAA Compliance and Enforcement: The Importance of Staff Training

Given the rise in telehealth, expanding requirements under the 21st Century Cures Act on April 5, 2021, and other factors impacting health information privacy and security, there’s never been a better time to revisit the HIPAA enforcement process and reestablish the importance of employee training. As a result, we have built out this handy tip sheet for you to download to use as a refresher. Along with that, you can find the highlights below:

What is the Typical HIPAA Enforcement Process?

1. Office for Civil Rights (OCR) receives HIPAA complaint
2. OCR conducts investigation, and possibly a compliance review
3. OCR may assign civil monetary penalties and can work with the Department of Justice (DOJ) to determine if criminal penalties are necessary
4. OCR works with covered entities that settle and agree to develop a corrective action plan (CAP)

What Are The Top 3 Issues In Investigated Cases¹ ?:

1. Improper uses and disclosure of Protected health information (PHI)
2. Lack of safeguards to protect PHI
3. Lack of patient access to PHI

If you are found to be in violation, the HIPAA fines can range from $100 – $1.5M per incident². Since 2003, OCR has settled or imposed monetary penalties totaling over $135M⁴

The number of OCR penalties given for HIPAA violations has increased by over 70% in 2020 compared to recent years² . Considering this, it is still shocking that 33% of healthcare organizations have no policy for disposing of confidential paper documents³ which can pose security and breach related concerns.

When Is HIPAA Training Required?:

1. HIPAA training is required within weeks—not months—of hiring a new employee, and before exposure to PHI
2. As soon as the Department of Health and Human Services (HHS) implements new guidance or requirements
3. When there is a change in workplace policies, procedures, or technology
4. Periodically, often interpreted at a minimum as annually

With Steri-Safe HIPAA you get access to up-to-date HIPAA trainings covering topics such as information blocking, privacy and security. Visit Stericycle.com/HIPAA to learn more.