23 April 2021
HIPAA Compliance and Enforcement: The Importance of Staff Training
Given the rise in telehealth, expanding requirements under the 21st Century Cures Act on April 5, 2021, and other factors impacting health information privacy and security, there’s never been a better time to revisit the HIPAA enforcement process and reestablish the importance of employee training. As a result, we have built out this handy tip sheet for you to download to use as a refresher. Along with that, you can find the highlights below:
What is the Typical HIPAA Enforcement Process?
- Office for Civil Rights (OCR) receives HIPAA complaint
- OCR conducts investigation, and possibly a compliance review
- OCR may assign civil monetary penalties and can work with the Department of Justice (DOJ) to determine if criminal penalties are necessary
- OCR works with covered entities that settle and agree to develop a corrective action plan (CAP)
What Are the Top 3 Issues in Investigated Cases? [1]
- Improper uses and disclosures of protected health information (PHI)
- Lack of safeguards to protect PHI
- Lack of patient access to PHI
If you are found to be in violation, HIPAA fines can range from $100 to $1.5M per incident [2]. Since 2003, OCR has settled or imposed monetary penalties totaling over $135M [4].
The number of OCR penalties given for HIPAA violations has increased by over 70% in 2020 compared to recent years [2]. Considering this, it is still shocking that 33% of healthcare organizations have no policy for disposing of confidential paper documents [3], which can pose security and breach-related concerns.
When Is HIPAA Training Required?
- HIPAA training is required within weeks—not months—of hiring a new employee, and before exposure to PHI
- As soon as the Department of Health and Human Services (HHS) implements new guidance or requirements
- When there is a change in workplace policies, procedures, or technology
- Periodically, often interpreted at a minimum as annually
With Steri-Safe HIPAA you get access to up-to-date HIPAA trainings covering topics such as information blocking, privacy and security. Visit Stericycle.com/HIPAA to learn more.