emPower

HIPAA Privacy and Security Rules, and Security Awareness Training

HIPAA – the Health Insurance Portability and Accountability Act – is federal legislation passed in 1996 that addresses various elements of healthcare in the United States, including health insurance reforms and several other areas not related to privacy or security.

However, this law also includes a mandate for the US Department of Health and Human Services (“DHHS”) to issue regulations that specify privacy and security protection for healthcare information about individuals.

HIPAA compliance requires training of almost all individuals who work for a healthcare organization – even those who may only be incidentally exposed to such information.

Examples of people who should be trained in the HIPAA regulations include:

  • physicians, chiropractors, nurses, technicians
  • administrators, clerks, order processing staff
  • staff employees such as custodians, transportation, security
  • volunteers, independent contractors, consultants and vendors

The rules also require that these training programs be fully documented.

The HIPAA Privacy Rule

The HIPAA Privacy Rule was finalized during the summer of 2002. Under this rule, healthcare organizations across the country must train all employees in the basics of patient privacy and confidentiality, including concepts such as “Protected Health Information” (PHI) and the “Minimum Necessary” principle.

The HIPAA Security Rule

The final version of the HIPAA Security Rule was issued by the DHHS in February 2003. This rule specifies a wide range of provisions to improve the way that patient information is secured against disclosure, modification or loss, including security awareness training for all staff (including management) with access to patient information. These (addressable) measures include user training on:

  • malicious software (viruses & worms)
  • creating and managing passwords
  • monitoring for and responding to login failure

as well as the provision of periodic security reminders.
