Whether you use an outside consultant or do it yourself, training staff in Health Insurance Portability and Accountability Act (HIPAA) compliance should be customized to your own needs and situation. Consider this advice on how to provide the training that is right for your organization.
Understand how your hospital uses protected health information (PHI). The answer might seem obvious and the same as every other hospital, but look deeper than that, says Edward Buthesium, JD, director of the Berkeley Research Group in Philadelphia. Aside from using PHI in direct patient care, consider where that data goes, in what form, and for what purpose. Relationships with vendors that need feedback on their products might involve some transmission of PHI, for example, or physicians might share data with researchers at other institutions. At other hospitals, those situations might not be applicable.
Determine your gaps and weaknesses. Assess how well your current compliance efforts address HIPAA as it applies to your particular institution. A gap analysis will show where training needs more emphasis and where you need to provide a specific type of HIPAA compliance education that might not be included in a generic program.
Find a HIPAA expert to customize your education. The specific training for your staff can be conducted by someone in-house if that person is extremely proficient with HIPAA interpretation, Buthesium says. A high level of expertise is necessary because a person generally competent in HIPAA might not be able to accurately assess the more detailed, situation-specific parts of the law. Don’t forget to look for experts throughout your parent health system, and if you hire a consultant for the job, make sure that person has more than a general familiarity with compliance details.