1 The HIPAA Training Program Life Jacket Keeping your staff afloat in the sea of HIPAA Rules &...

The HIPAA Training Program Life Jacket
Keeping your staff afloat in the sea of HIPAA Rules & Regulations

Holly Schlenvogt, MSH
Privacy Officer
Medical Associates, Inc.
holly.schlenvogt@ma-hc.com
262-415-1009

Kirsten Ruzic Wild, RN, BSN, MBA, CHC
Corporate Compliance Officer, Privacy Officer & Risk Manager
Synergy Health

[email protected]@synergyhealth.org

262-836-8366

Goals & Objectives

• How to determine the Who, What, Where, When, Why and How’s of HIPAA Privacy & Security Training
• HIPAA Attitudes
• When does it become an issue of employee accountability?
• Training Documentation

“We need to review our training material.”

Cartoon by Dave Harbaugh
HCHumor © 2008 HCPro, Inc.

Who To Train

• The Captain & First Mates: high level “safety” measures
• The Crew: how to handle:
  – Day to day issues to keep the boat afloat
  – Generally how to handle new and unique issues (i.e. alert the Captain & First Mates)
• The Passengers should be able to relax and enjoy their cruise!

Training will vary by titles and roles

Who To Train: Captain & First Mates

• Owners
• Board of Directors
• Leaders
• Physicians

Who To Train: The Crew

• Employees
• Leaders
• Physicians (yes, they may wear the hat of a captain, first mate, and crew member)
• Temporary Employees
• Volunteers
• Consultants & Contractors

Who To Train: The Passengers

• Patients & their family members/friends
  – NOPP
  – Access (for them & their loved ones)
  – Release of Information (to other facilities, law enforcement, etc.)
  – Amendment requests
  – Special Requests
  – Filing a complaint
  – Perceptions
• Other
• Do you train any other passengers?

What To Train

• The Perfect Storm
  – What obstacles or dangers are in the sea (other boats, currents, icebergs, sea cucumbers, etc.)?
  – How to handle “unpredictable obstacles”
• The people to protect
• How to protect them
• Why this is important

What To Train: Examples

• Example sessions & scenarios for your reference.
  – Disclaimer: these do not represent legal advice and are by no means intended to be perfect or even cover every topic. They are just examples. It’s up to you to determine “what” to train based on your organization’s needs, issues, culture, etc. We cannot guarantee this information will be understood, remembered, followed, or even read by your employees!

What To Train: Scenarios

• Consider sending out periodic scenarios and/or have them in the training sessions
  – Hot topics
  – Recent issue
  – Review in Department Meetings
• Hearing examples of errors made and how to prevent them from happening “sticks” better than just telling the law
• Teach them to think!

What To Train: We’re Right Here

• Let them know who you are and that you are available for questions, comments, & concerns
• How they can find you
  – Email
  – Phone
  – Pager
  – Hotline
  – Other?

What To Train: P&Ps

• What to train is right inside your very own passport: policies & procedures (P&Ps)
• Review them and “categorize” each point for different titles/roles to train
• You can’t possibly cover every point; instead, cover the core of each one

What To Train: The Basics

• The Basics:
  – Safeguarding PHI
  – The Privacy Officer is available, willing and able to help you!
• Issue: “This is basic stuff. I don’t need to be reminded.”
• Repeat these, consistently!

What To Train: The Privacy Iceberg Obstacles

• Release of Information
  – Release = verbal, written, electronic
  – When an authorization is required
  – Minors
  – Mental Health
  – Special PHI Communications
  – Release the minimum necessary

What To Train: The Privacy Obstacles

• “Typical” releases of information (TPO)
  – Anything else, do not release, review P&Ps / contact your Privacy Officer!
    • Ex: Attorney wants PHI NOW, now what?
    • Law enforcement tells employee the patient is in jail and no longer has any privacy rights.

What To Train: The Security Iceberg Obstacles

• Access the Minimum Necessary
  – What do you really need to do your assigned job responsibilities?
  – Does this include looking at your family member’s PHI for treatment received or to look up an appointment in a department in which you don’t work?
• Email
  – Email patients?
  – Encrypt when external

What To Train: The Security Obstacles

• Password Protections
  – Don’t share them! Don’t share them! Don’t share them! Did I say, don’t share them?!
• Flash drives & other portable media
• What examples can you share?

Where To Train

• Different fish like different bait.
  – Too cold, too hot, just right!
  – Some have better eyesight than others
  – Some travel in schools, others are better off alone
• Consider time restrictions
• Vary it up for the different fish!

Where To Train

• Where do you train?
  – Face-to-face
  – Online
  – Meetings
  – Manual
  – Email Communications
  – Newsletters
  – Intranet Communications
  – Walk through the organization periodically
  – DVD / Video

When To Train

• It’s not a good time to train while the boat is sinking, but you already knew that!

When To Train

• Initial training
• Law changes (51.30)
• Technology changes
• Realize the “culture” needs to change
• When do you train?
• HIPAA Week
• Ongoing
  – Annual
  – As P&Ps change
  – As “hot topics” or issues arise
  – Quarterly/bi-annual scenarios

Why Do We Train?

• We like to “annoy” our captains, first mate, and crew…
  – No!
• As long as you live under my ocean, you’ll obey my rules!
  – No!
• We like to make sure our cruise is smooth sailing during the entire trip…
  – Yes!

Why Do We Train?: Laws

• Privacy
  – “A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart, as necessary and appropriate for the members of the workforce to carry out their function within the covered entity (CE).” 164.530(b)(1)
    • A covered entity must provide training…as follows:
      – To each member of the CE’s workforce no later than the compliance date…
      – Thereafter, to each new member of the workforce within a reasonable period of time after the person joins the workforce; and
      – To each member of the CE’s workforce whose functions are affected by a material change in the P&Ps required by this subpart, within a reasonable period of time after the material change becomes effective…
      – A CE must document the training…has been provided.

Why Do We Train?: Laws

• Security
  – “Implement a security awareness and training program for all members of its workforce (including management)” 164.308(a)(5)(ii)(a)
    • Security Updates – periodic security updates (Addressable)

Why Do We Train?: Laws

• Respect our patients’ right to privacy
• It’s a part of our customer service standards
• Why do you train?
• Whew! There’s a lot to teach!!!
• Yes, and we know we have to train it… but how do we get the points across?

How to Train

• How in depth do you train?
• Snorkeling vs. deep sea scuba diving
• Different skills necessary for a salmon in the lake versus one swimming upstream in a river

How to Train

• Some considerations
  – Different for length of “employment”
  – Different by title/role
    • Complexity of issues varies
    • Release of Information for only those who actually release PHI (does facility services really need this training?)
  – Back to the basics for all

How to Train
Adult Learning Principles

• Motivation – adults learn better with an inner motivation to develop a new skill or gain knowledge; resist learning if it is forced on them; why need to learn and what the benefits are; practical; interest and self-benefit
• Appropriate Level of Difficulty – challenging but not overwhelming; info should relate directly to learner’s own personal needs and wants; don’t make a lesser used skill so important that it de-motivates

How to Train
Adult Learning Principles

• Reinforcement – very necessary; encourages correct performance and discourages bad habits; negative reinforcement can be useful to change bad habits or inappropriate behavior; praise for asking questions
• Retention – must retain what taught to benefit from the learning; must see a meaning or a purpose for the new information; must be able to understand, interpret and apply the info in their own real life contexts; able to assign correct degree of importance to material and its application in the future; if didn’t learn well to begin with, degree of retention is reduced; requires practice

How to Train
Adult Learning Principles

• Transference – ability to use the information taught in new settings and contexts; positive transference means they use the skills taught; negative transference means they don’t use the information provided; once wrong info is absorbed and used again and again just becomes another bad habit

How to Train

• Be creative
  – Base training around a theme
  – Incentives: Provide treats or trinkets
  – Games?
  – Candy bar wrapped with question to answer
  – Have HIPAA “specialists” in each area/department to help answer questions
  – Caring for colleagues
• Vary the training
• How are you creative?

How to Train – Training Techniques

• Clip art, flash animation, etc.
• Handouts
• Practice ahead of time
• Set up the room well in advance
• Know your audience
• Don’t fake it
• If you freeze, relax!

How to Train – Training Techniques

• Get attention at the beginning
• Get audience involved
• Look at the audience
• Talk to people, don’t lecture
• Guide them to their own knowledge
• Do you have any techniques to share?

How to Train – Training to Avoid Obstacles

• Train those Hot topics!
• Explain how HIPAA violations occur, why they occur, and how to prevent them
• Predict obstacles
• Train how to think in unique situations

How to Train

• Remember your crew has a lot of other things to remember (such as providing patient care & excellent customer service)
  – Be understanding & encouraging
• How do you train?

HIPAA Attitudes

• Have you encountered an employee that just doesn’t get it, or worse doesn’t appear to want to get it?
• We’re sure you’ve never encountered an Upper Management individual like this!
• What do you do with this?
• Have you had any experiences with bad attitudes?

HIPAA Attitudes

• I don’t have time for this!
• This is boring!
• It’s never been a problem in the past
• Other organizations do it this way…
• That will never happen to me!
• “HIPAA Schmipa!”
• And the opposite attitude…blame HIPAA for everything!

HIPAA Attitudes

• Change Process/Technology Adoption Lifecycle
• Everett Rogers “Diffusion of Innovations” 1957
• Defined 5 categories of Adopters or individual responses to change

HIPAA Attitudes

5 categories of Adopters:

• Innovators: eager to try new ideas, venturesome, prepared for setbacks and not discouraged, launch new ideas
• Early Adopters: high degree of opinion leadership; social leaders
• Early Majority: cautious toward change, rarely lead change efforts but willing to adopt new ideas

HIPAA Attitudes

• Late Majority: view change with skepticism and caution, feel pressured to embrace change from others who have already adopted
• Laggards: very traditional and last to adopt, point of reference is the past, decisions are made in terms of what has been done previously, adoption of change lags behind their awareness and knowledge level

HIPAA Attitudes

• What do you do with the Laggards?
• Send them to Davy Jones’ Locker?
• Identify personality types in response to change
• Initially, target Innovators and Early Adopters
• Laggards do eventually get there but processes must be well-established

Accountability

• Are we still teaching a new “culture”, or should employees now be accountable to “know better than to do that”?
• Train that everyone is accountable for understanding and applying your HIPAA P&Ps.
• Employees state they don’t recall that training

Accountability

• Understand that we are human and humans make mistakes (lapses occur)
• Train that disciplinary action is required, but make them comfortable about this
  – Just Culture philosophy…how does it fit?
• How do you make them understand the importance of this?

Training Documentation

• Remember to document all training
  – Annual
  – Ongoing
  – Electronic communications
• Signed agreements may be considered “training”
• Communications may be considered “training”

Training Documentation

• Who maintains this documentation?
• Maintain for six years.
• What purpose does it serve, other than meeting regulation requirements?
  – Government investigations (OCR requests copies)
  – Proof of education during disciplinary process

Other Considerations

• What else do you consider to be important elements in your Privacy & Security Training program?

May You Have Exciting, Yet Smooth HIPAA Training Seas Ahead!

Thank you!