New HIPAA training ensures patient confidentiality
Date: October 14, 2011
Raises the bar on patient privacy
Even if you think you’re vigilant about protecting patient privacy, there’s still a good risk for violating Health Insurance Portability and Accountability Act (HIPAA) laws. So says Carol Richardson, Hopkins’ HIPAA privacy officer. Since 2003, her office has received 1,045 privacy complaints. People tend to forget, Richardson explains, that protected health information (PHI) includes data in any form—written, oral or electronic—that can be linked to a specific patient. “That can include X-rays, billing records, appointment reminders and even just expressing that a patient is receiving care at Johns Hopkins.”
So, building on its commitment to keep patients’ health information private, the HIPAA office rolled out a new generation of mandatory training on Oct. 3. The core of this program, says Johns Hopkins Health System senior counsel Don Bradfield, is four courses of varying degrees of instruction that address privacy and security using relevant, Hopkins-focused scenarios. Employees of every Hopkins provider organization, as well as certain related organizations, will be required to take at least one of the courses by Dec. 31.
Which course workforce members must take will depend on their job duties and the date they took their last online HIPAA training course. Managers are expected to make sure that every member of their team takes the appropriate training and successfully completes it before the end of the calendar year.
This isn’t only the right thing to do in protecting patients’ privacy, says Bradfield. It’s a vital responsibility for anyone who works in health care. In fact, he notes, HIPAA vigilance has intensified nationally. “We’re facing a new HIPAA enforcement environment—with increased monetary penalties and an active program of regulatory auditing for HIPAA compliance.” And, with the new electronic medical record comes greater access to patient records, raising the odds of privacy breaches. “The Office for Civil Rights,” adds Bradfield, “has indicated that it will be looking for a ‘culture of compliance.’”
Richardson says staff might ask themselves, Would you want someone you didn’t authorize to see or discuss your PHI? She adds that “it’s to everyone’s benefit that our workforce remains adequately educated and fluent in these important HIPAA requirements.”
Info: firstname.lastname@example.org, 410-735-6509 and http://www.insidehopkinsmedicine.org/hipaa/