HIPAA Training

HIPAA Training Requirements


Conducting annual HIPAA training is a key component of maintaining HIPAA compliance. However, a single practice-wide training day is not sufficient: an employee hired shortly after that day could go almost a full year without completing their required training. Because each employee must renew HIPAA training annually, it is best to use a training program that lets each employee complete training according to their own due date.

What Are HIPAA Training Requirements?

HIPAA training should include the following components:

  • HIPAA Standards: employees need a general understanding of HIPAA. They should know what constitutes protected health information (PHI) and what the permitted uses and disclosures of PHI are. HIPAA requires healthcare organizations and their staff to follow the minimum necessary standard when accessing and disclosing PHI, meaning PHI is used or disclosed only to the extent needed for a specific, permitted purpose.
  • Policies and Procedures: HIPAA requires healthcare organizations to create policies and procedures specific to their business practices, but these are only effective if employees know what they are. HIPAA training should give staff an understanding of your practice’s administrative, physical, and technical safeguards. Employees should also know how to report a suspected breach and whom to report it to.
  • Social Media Use: disclosing PHI via social media is not permitted without explicit written consent from the patient. This includes responding to online reviews, posting patient testimonials on a website, sharing images of a patient (even if they are only in the background of a photo), or sharing images that contain patient information.
  • Recognizing Phishing Attempts: attackers increasingly use phishing emails to gain access to sensitive information. A phishing email impersonates a trusted entity and typically asks for confidential information or prompts the recipient to click a malicious link. A successful attempt can give the attacker access to the employee’s email account and, in some cases, the organization’s entire internal network, so staff should know how to recognize and report suspicious messages.