Employee Training Introduction Simply implementing HIPAA procedures is not enough. Every person in your firmmust also be aware of your firm's HIPAA policies. And they must comply with and respect them. HIPAA compliance is an ongoing dynamic process. Congress, the Department of Health and Human Services, compliance enforcement and the courts will continually define what HIPAA and HIPAA compliance really mean. And that, of course, means that someone in your firm is going to have to be accept the task of knowing what the changes and interpretations are. Your Privacy Officer will be able to learn of updates and changes from this web page as part of the subscription. There will also be an emailed newsletter to talk about what is going on nationally with HIPAA. Part of this on going process is training your employees. The HIPAA regulations requires ALL employee be HIPAA trained. Your employees must know the whys of HIPAA and the specifics of your firm's HIPAA policies. It is your employees that will be implementing your HIPAA policies and procedures. We recommendation you require each employee to complete the "Employee Training Module" on this site. And you should require all principals to take it as well. The HIPAA law requires that your current employees be trained now. New employees must be trained. And if you make changes in your HIPAA policies or procedures everyone must be retrained. This module will make that process much easier for your office to stay in compliance. Training module: An overview of the HIPAA law. It will cover the following points: What is HIPAA? Why the need for the law? Who must be HIPAA compliant? What are the major changes to operating procedures of a health care firm? What are the penalties for non-HIPAA compliance? What are the HIPAA policies of your firm? A HIPAA test at the end to review HIPAA knowledge A Printable certificate for each employee that completes and passes the test The HIPAA rules do not require it. Originally, the law included a three year retraining. The final regulations eliminated the retraining requirement. We recommend ALL employees be required to complete this module each year. New HIPAA changes will be added. You will also be able to make changes to your HIPAA policies here which will be added automatically to your employee training. And you can print off documentation for your HIPAA compliance manual showing that each employee has taken the training.  Documentation is important. If you are asked by the HIPAA police if your employees understand HIPAA and your firm's policies and procedures, how can you prove they are? Using this web page will give you several unique advantages.  You will be able to track who has completed the training When it was done How long it took What areas of HIPAA each employee and the group did well in or not so well  Employees can do it from any computer with internet access, in the office or at home If an employee does not pass the test, they can retake it until they pass that section only Reminders can be sent to the employee by email to return and review and retake the certification It is to your firm's advantage to have all your employees knowledgeable about the HIPAA rules and regulations. HIPAA must be integrated into your daily operations. It will change how you do business and operate your firm. Your HIPAA policies can not be implemented without the cooperation of your employees. They must be knowledgeable about how HIPAA affects your firm and how the policies of your firm provide security and privacy per HIPAA. Even an accidental oversight could result in possible huge fines or a lawsuit against the principles of your practice.  How easy is it to face the HIPAA compliance penalties? It is very possible. To get a call or visit from the enforcement division of the Department of Health and Human Services, the Office Human Rights, is quite likely. All it takes is a phone call or postcard from anyone to bring your office to their attention. Let me say that again, ANYONE can turn you into the DHHS. Ever had an employee leave and not be happy about it? What about a competitor that doesn't want to play fair? Are all your clients extremely happy with your firm's services? Or do you offer any services that someone in the public doesn't think you should, such as abortion counseling? It is real easy to be turned in, whether you are compliant or not. You have to prove your firm is operating under HIPAA compliance when asked. Documentation! And let's not forget where these laws will be tested, in court. Suppose a client of your office is not happy with services received. And let's suppose they enlist an attorney to talk to you about it. HIPAA is one area where you are guilty until you can prove otherwise. The HIPAA privacy notice you have to give to your clients must contain information on how to contact the enforcement division of Health and Human Services, including the phone number. Documentation, training and procedures will help your firm prove HIPAA compliance. What are the penalties for non-HIPAA compliance? The civil penalties are $100 fine per compliance item per client per year with a maximum of $25,000 per year per client. Suppose your employee(s) neglect to get a get a signature on the form indicating each client was notified of your HIPAA policies? Suppose you have 3,000 clients and only half did not sign or have the signed copy placed in their file. The fine is $100 times 1500 or $150,000. How many fines like that could your firm pay? After each employee completes the module, there is a test at the end, to confirm level of comprehension. If the score is passing, a certificate will be printable for the employee. If not, then a summary review of each section will be displayed, and the employee will have the opportunity to re-read and re-take that section. You as the administrator will be able to do reports for your employees as a group or individually by date. This report is printable for inclusion in your HIPAA compliance manual to demonstrate your employees have been trained and you are in compliance on this part.