HIPAA stands for the Health Insurance Portability and Accountability Act. Although HIPAA certification is not required by HHS, it can be quite useful for training staff.
If you run a medical business, everyone that sees patient information needs to be HIPAA certified. Given that the fees for breaking HIPAA run from hundreds of dollars to thousands, it’s worth investing in the certification of your workers.
And, if you contract out to third party businesses, like SAVI, for example, you need to make sure everyone that works there has a HIPAA certification too. Not only do their employees need to have HIPAA compliance training, but their software and storage needs to be certified as well.
Wondering how to get your employees not only trained but knowledgeable enough to keep your clinic and your pockets out of trouble?
Who Needs HIPPA Compliance Training?
As mentioned above, anyone in your business who has access to patient identifiers, or Protected Health Information (PHI) according to HIPAA, is responsible for keeping that information confidential. That means your office staff, coders, medical aids, and your clinic manager, depending on what kind of management they do.
Getting all those people trained can be expensive, and you’re not required to cover the costs, but if you’re requiring it for work, it’s the right thing to do.
Here at Billing Savi, all of our employees are HIPAA compliant.
What Does HIPAA Certification Training Go Over?
There are two main parts of HIPAA.
The first protects employee information, outlines pre-existing conditions, and establishes insurance coverage for someone between jobs. That’s Title 1: The Health Care Access, Portability, and Renewability aspect.
Title 2 establishes boundaries for keeping patient health information confidential, sets standards for electronic data storage, and holds providers more accountable than before for data breaches.
The Rights of an Employee Under HIPAA
If you provide health insurance to your employees or the choice to opt-in to health insurance, you’re required to provide them coverage for a certain amount of time if they lose or change their job.
They also have the right to keep certain health information from their employers, unless it directly inhibits them from doing their job. And even then, the Americans with Disabilities Act states that they don’t have to give all the details.
It also, somewhat, prevents your employees from being discriminated against when applying for company health insurance if they have pre-existing conditions.
Another thing HIPAA compliance training will go over is HIPAA identifiers. These are anything that would differentiate a patient from another and identify them in any setting unless it is medically necessary and between HIPAA-bound providers.
There are 18 main HIPAA identifiers and your employees need to be aware of all of them. If they’re wondering, it’s always safest to assume that a piece of information is an identifier and double-check, rather than trying to backtrack.
The eighteen identifiers are as followed:
- Address (smaller than State)
- Patient relevant dates (birthdate, admittance, date of death)
- Phone Number
- Fax Number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- License number
- Vehicle identifiers
- Device identifiers (like pacemakers)
- Personal websites
- IP address
- Identifying images (including tattoos and unique markings)
- And “any other characteristic that could uniquely identify an individual”
As you can see, it’s a pretty exhaustive list. Then they throw that catch-all option in there at the end for good measure.
When It’s Okay to Identify a Patient
As far as talking to other providers, it’s generally okay to use patient information, as long as it’s necessary to discuss the case for proper treatment. For example, a general family doctor who refers someone to a cardiologist could speak openly with the other doctor about the patient, since they’re actively treating them.
Sharing their information has to be relevant, done with someone who is also HIPAA compliant, and the patient has to sign off on the sharing of information, depending on the network differences between providers.
With the protocol that information can only be accessed if necessary, that means it is against HIPAA for employees to look up their friends, family, or even themselves! These are some of the most often broken HIPAA compliance rules.
How would someone know what files each employee accessed? There is software that can track where and who accessed medical records, so if there’s a data breach, the people involved are easy to identify.
Data and Computer Security Rules
This is where things get more complex and on a macro level, you as the employer will most likely be the one keeping track of these details.
However, your employees need to practice good security, such as locking their computer every time they walk away, being able to identify when people are spying or unlawfully sharing information, as well as have a computer that locks, with password changes every 90 days.
There are also rules about levels of encryption, database requirements, and computer security programs that providers need to know.
HIPAA Certification Training
Some HIPAA training is free, but often it costs $30-$100 per employee, depending on the business and certification. There is not one widely-accepted certification, but many private companies that offer compliance certificates.
You could ask your employees to cover the HIPAA Certification cost, but from a business standpoint, it’s more of an operating cost.
Depending on how many employees you have, that could get expensive, fast.
Instead, if you’re setting up a clinic or looking to expand, why not outsource to a medical business company that has already trained all its employees at no cost to you? All of our services, databases, and devices are HIPAA compliant, meaning you don’t have to worry about a thing.
Want to increase your HIPAA compliance without breaking the bank? Get a free estimate of how we can reduce your in-house operating costs while keeping you compliant – today!