Provide Frequent HIPAA Training with Real-World Scenarios
Training employees in HIPAA compliance should be frequent and include realistic situations, including scenarios in which they may unknowingly facilitate a breach, says Lani M. Dornfeld, JD, CHPC, an attorney with Brach Eichler in Palm Beach, FL.
After any breach, the Office for Civil Rights (OCR) asks about frequency of compliance training, and requests proof. Investigators often want to see training materials to assess its effectiveness, which influences settlement decisions.
In addition to working with clients on HIPAA issues, Dornfeld is the compliance officer for her law firm. She says this has helped her understand which training tactics are most effective. Dornfeld has found clients who only train staff once a year have more trouble retaining good HIPAA habits.
People also respond better and retain more information when the training is live in person — or at least live online — rather than watching a video and taking a quiz. The ability to ask questions is important.
Dornfeld’s team also sends short, periodic email blasts with updates about HIPAA compliance trends or emerging breach risks.
“I have many training initiatives for the firm throughout the year, and I encourage clients to do the same. We have the more formal live webinar training that everyone is required to attend, but that is not enough to counter the endless barrage of cybercriminals,” Dornfeld says. “We use additional training videos throughout the year, limiting them to five- or 10-minute videos that we cycle out to different people on different days of the month.”
The short videos produce better cooperation from staff than 20-minute videos, Dornfeld notes. She looks for videos that cover only one or two HIPAA topics at a time.
“People are willing to fit a five-minute video into their day. We look for videos that show them things they can relate to, such as what a phishing email really looks like when it lands in their inbox,” Dornfeld explains. “A longer webinar can cover a lot, but for these videos we’re looking for short, punchy illustrations with practical examples they can relate to in their work.”
- Lani M. Dornfeld, JD, CHPC, Brach Eichler, Palm Beach, FL. Phone: (973) 403-3136. Email: [email protected].
Training employees in HIPAA compliance should be frequent and include realistic situations, including scenarios in which they may unknowingly facilitate a breach.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.